The exploit was first reported by a Russian Firefox user and then documented by security researcher Cody Crews. It is reportedly used through an unnamed Russian news site by means of an advert and allows the attacker to upload files from a computer through Firefox’s in-built PDF viewer – effectively stealing sensitive data from one’s PC. The files were then apparently uploaded to a server in Ukraine.
In a post on their security blog, Mozilla urged all of their users to either update to the recently released 39.0.3 Firefox version or to Firefox EST 38.1.1, both of which were patched to eliminate the vulnerability through security updates.
While this didn’t allow hackers to run scripts through the browser, so it couldn’t be used directly for virus spreading, it did offer them the possibility of searching the user’s PC for files, possibly giving them access to sensitive information. However, looking at the files used through the particular Russian news site exploit, whoever ran it seemed to be looking more developer-focused files, from Firefox configuration files to account information for multiple sites.
The worst part is the fact that the exploit doesn’t leave traces of itself on the systems it was used on, so no one can really be sure if they’ve fallen victims to it, while Mozilla as well can’t guarantee that it wasn’t being used through other means elsewhere on the web. The safest bet in this situation is to make sure you change all of your important account passwords and report everything you think is strange to their respective sites.
However. Veditz did state in the blog post that people who are using ad blocking services could have been protected from the exploit, depending on its filters. He did not offer anymore specifics about it, but supposedly if you run an ad-blocker app set to block all adds across all sites you’ve got the best chances of not having been affected by the exploit.
Image Source: thehackernews.com