A post on the official Mozilla Security Blog revealed an exploit that was discovered by a user of the company's Internet browser, along with the means to fix the discovered issue.
A Firefox user informed Mozilla that there was an advertisement on a news website in Russia that was serving an exploit for the Internet browser. The exploit would search for sensitive files and then upload the files to a server apparently hosted in Ukraine.
The issue stems from the interaction of the same origin policy, which is the mechanism for JavaScript context separation, and the PDF Viewer of Firefox. As such, as products of Mozilla which do not use the PDF Viewer, such as the version of Firefox for the Android operating system, are not affected by the problem.
While the discovered vulnerability did not allow hackers to execute arbitrary code, the exploit allows the injection of a JavaScript payload into a local file context. This allows the exploit to search and then upload local files, which could be sensitive in nature.
The files that the exploit was searching for, however, had a focus on developers, which is surprising given that fact that it was launched through a news website that had a general audience. Mozilla admits though that aside from the Russian website, it did not know if the malicious advertisement was also deployed in other websites.
The exploit looks for different kinds of configuration files on Windows and Linux systems. Users on Mac systems were not among the targets of the discovered exploit, though Firefox users on a Mac will not be immune to the issue if a different payload was created to work with the vulnerability.
The exploit does not leave a trace of being unleashed on local machines. As such, Firefox users on Windows and Linux systems should exercise caution and make changes to passwords and keys associated with the affected configuration files. Mozilla also said that users that have advertisement-blocking programs could have had protection against the exploit, but it depended on the program used and the filters applied by it.
To protect themselves from the potentially harmful exploit, users will simply have to upgrade to Firefox 39.0.3, which includes the security update that Mozilla released in response to learning of the vulnerability.