Firefox Exploit Found In The Wild

HardOCP News

Mozilla is asking all Firefox users to upgrade immediately to version 39.0.3.

The vulnerability comes from the interaction of the mechanism that enforces JavaScript context separation (the “same origin policy”) and Firefox’s PDF Viewer. Mozilla products that don’t contain the PDF Viewer, such as Firefox for Android, are not vulnerable. The vulnerability does not enable the execution of arbitrary code but the exploit was able to inject a JavaScript payload into the local file context. This allowed it to search for and upload potentially sensitive local files.
 
Firefox's PDF reader is junk anyway. I open a document in it, and it is blurry, and sometimes unreadable. Open it up in Acrobat reader, and it is crisp text and images all the way.
 
I'm not a fan of in-browser PDF viewing. I always use an external reader (for better or worse). That said, I suspect people with NoScript were at no risk (assuming most block all JavaScript unless it's whitelisted).
 
I've been using the PDF reader for a while; it's not great, but I avoid Adobe's products. I figured it wouldn't be long before someone figured out a way to exploit it. I use Adblock, NoScript and browse in Sandboxie so chances are I wouldn't be affected.
 
Always maintain two user accounts for this type of thing. One account that carries your private keys, and the other for basically everything else.
 