ATTENTION: You are viewing a page formatted for mobile devices; to view the full web page, click HERE.

Main Area and Open Discussion > General Software Discussion

Firefox users, here's a security flaw you'll need to fix



Another day, another security flaw -- this one affecting Mozilla's Web browser, Firefox. But this one is easy enough for you to fix.

On Thursday, Mozilla revealed a vulnerability in its browser that was discovered by a Firefox user. An ad on an unnamed news site in Russia was able to tap into the vulnerability to upload certain files from a user's computer to a server apparently based in the Ukraine. Exploiting Firefox's PDF Viewer and its use of the widespread JavaScript code, the hack seems to capture only "developer focused" files -- think FTP (file transfer protocol) -- at least in Windows. Your personal files and data aren't caught in the attack, but the hack is still alarming.
--- End quote ---


The targetting of developers is scary. I can imagine some attackers being able to do a worm-like cascade of attacks by stealing and then exploiting developer logins and get the malware on more sites. If a developers computer gets infected that means that any code on their computer could also be infected.

I had Firefox set to notify on updates (not autoinstall) on one computer and the update notification popup is really a bit too low key for serious cases like this. Maybe shift to big red flashing letters? :D

Ah serendipity... I've always hated the built in PDF viewer, and have disabled it for quite a while. Nice to hear that I was protected against this without even being aware of it.


[0] Message Index

Go to full version