Mozilla is warning users about a vulnerability in its Firefox Web browser that could allow attackers to steal information from their computer. The browser-maker urges users to update Firefox to the latest available version — v39.0.3 or above – to protect their system from the said vulnerability.
While by default Firefox automatically updates itself, those who have the setting off will have to manually update via the ‘About Firefox’ setting in the Help tab. Earlier this week, the company was notified by security researcher Cody Crews about a malicious ad on a Russian news portal that was exploiting a vulnerability in Firefox’s PDF Viewer, a built-in feature. The exploit seeks sensitive files on the victim’s computer and uploads it to a suspicious server reportedly located in Ukraine.
In the blog post, Veditz also notes that the exploit looks for subversion, s3browser, Firezilla, and libpurple configuration files on the Windows systems. On Linux, the payload checks global configuration files in the /etc directory. It also looks into .bashhistory, .mysqlhistory, .pgsql_history, and .ssh configuration files and keys.
Veditz says that people who use ad-blocking tools might not be affected with the vulnerability either, though it isn’t too sure about that. Regardless, you would want to update your Firefox Web browser to the latest version.