Yesterday, one of the folks at the Mozilla office noticed that an ad from a Russian news site was exploiting a serious vulnerability in the Firefox browser.
Engadgets reports that according to a Mozilla security post, the attacker was able to bypass the browser's "origin policy" (its front line of security), inject a malicious javascript script and download sensitive local files to a server in the Ukraine.
Mozilla said the attack was "surprisingly developer focused for an exploit launched a general audience news site," as it sought things like browser and FTP configuration files. The company added that the "exploit leaves no trace that it has run on the local machine."
According to Engadget, Mozilla said the malicious scripts can affect PC and Linux computers, but not Macs. However, Apple users are still advised to update, as hackers could develop a different attack script for OS X.
Luckily for everyone, the person who spotted the flaw was security researcher Cody Crews, who immediately notified Mozilla who has patched the flaw with Firefox version 39.0.3, so now would be a good time to get it.
0 comments:
Post a Comment