Main Area and Open Discussion > General Software Discussion

Firefox users, here's a security flaw you'll need to fix

(1/1)

KynloStephen66515:

Another day, another security flaw -- this one affecting Mozilla's Web browser, Firefox. But this one is easy enough for you to fix.

On Thursday, Mozilla revealed a vulnerability in its browser that was discovered by a Firefox user. An ad on an unnamed news site in Russia was able to tap into the vulnerability to upload certain files from a user's computer to a server apparently based in the Ukraine. Exploiting Firefox's PDF Viewer and its use of the widespread JavaScript code, the hack seems to capture only "developer focused" files -- think FTP (file transfer protocol) -- at least in Windows. Your personal files and data aren't caught in the attack, but the hack is still alarming.
--- End quote ---

Source: http://www.cnet.com/uk/news/firefox-users-security-flaw-to-fix/

Nod5:
The targetting of developers is scary. I can imagine some attackers being able to do a worm-like cascade of attacks by stealing and then exploiting developer logins and get the malware on more sites. If a developers computer gets infected that means that any code on their computer could also be infected.

I had Firefox set to notify on updates (not autoinstall) on one computer and the update notification popup is really a bit too low key for serious cases like this. Maybe shift to big red flashing letters? :D

mrpeach:
Ah serendipity... I've always hated the built in PDF viewer, and have disabled it for quite a while. Nice to hear that I was protected against this without even being aware of it.

Navigation

[0] Message Index