Mozilla Firefox Security Issues and Updates: Are You Vulnerable? How To Protect Yourself From Recent Exploit

By Mark Rollins
Mozilla Firefox.
How to protect yourself from recent Firefox Exploit Mozilla

Personally, I don't use Internet Explorer for when I want to surf the Web.  I prefer the convenience of Mozilla Firefox, but a recent exploit has allowed this popular web browser to be vulnerable.  Fortunately, it is possible to protect yourself from this Mozilla Firefox Security issue by following the steps listed here. 

According to Gizmodo, there is an exploit in Firefox that is out "in the wild" on the Internet that can search for and even upload files from your computer.  This exploit uses a server in Ukraine, and injects JavaScript to search your computer and can potentially upload files, leaving no trace on a computer that anything actually happened.  However, it is possible to install and update the solution. 

The Mozilla blog explains the vulnerability, which comes "from the interaction of the mechanism that enforces JavaScript context separation and Firefox's PDF Viewer".  It also said that "the vulnerability does not enable the execution of arbitrary code but the exploit was able to inject a JavaScript payload into the local file context. This allowed it to search for and upload potentially sensitive local files." 

This vulnerability was looking for some "developer focused" files.  On Windows, this exploit looked for subversion, s3browser, and Filezilla configurations files .purple and Psi+ account information, and site configuration files from eight different popular FTP clients.  On Linux, the exploit went after the usual global configuration files like /etc/passwd, and then in all the user directores it can access it looks for .bash_history, .mysql_history, .pgsql_history, .ssh configuration files and keys, configuration files for remina, Filezilla, and Psi+, text files with "pass" and "access" in the names, and any shell scripts.  It should be known that Mac users are not targeted by this particular exploit, but it is possible to create a different payload. 

Mozilla Support recommends that if you use Firefox on Windows and Linux for any of the programs listed above, it would be "prudent" to change any keys and passwords used there.  It is possible that those who use ad-blocking software might be protected from this exploit, but if you want to make certain that you are protected, follow this simple steps. 

According to Mozilla, you can protect yourself from the exploit by updating to Firefox 39.0.3.  Firefox is actually set to automatically update, but you can also do this manually.  All that is required is to go to the Toolbar and click the Menu button.  The Menu button is three small lines stacked on top of each other, and it is located all the way to the right. 

After clicking the Menu button, click the Help button, which is the question mark located in the lower right corner.  After you Select "About Firefox", the About Mozilla Firefox Window will open and Firefox will begin checking for updates and will download them automatically. 

You should be able to see the bytes of the updating being downloaded, and once the updates are installed, you can click a button that will read "Restart Firefox to Update".