Skip to main content

Mozilla is patching a Firefox exploit that can hijack 'sensitive local files'

Mozilla is patching a Firefox exploit that can hijack 'sensitive local files'


Now would be a good time to update your browser

Share this story

Mozilla has announced that it's in the process of patching Firefox after discovering an exploit out in the wild "that searched for sensitive files and uploaded them to a server that appears to be in Ukraine." The vulnerability was discovered in an ad on an unnamed Russian news site on Wednesday, although it's not clear where else it might have appeared.

The company says the exploit was "surprisingly developer focused for an exploit launched on a general audience news site," and appears to be focused on Windows and Linux users. Mac users, however, "would not be immune should someone create a different payload." The exploit "comes from the interaction of the mechanism that enforces JavaScript context separation (the 'same origin policy') and Firefox’s PDF Viewer," which means that versions without the PDF viewer, such as Firefox for Android, don't appear to be vulnerable.

So, right now would be a great time to update your browser. "The exploit leaves no trace it has been run on the local machine," Mozilla says. "If you use Firefox on Windows or Linux it would be prudent to change any passwords and keys found in the above-mentioned files if you use the associated programs."