Connect with us

Hi, what are you looking for?



Mozilla Patches Firefox Zero-Day Exploited in the Wild

Mozilla updated Firefox to version 39.0.3 on Thursday to address a critical vulnerability that has been exploited in the wild.

Mozilla updated Firefox to version 39.0.3 on Thursday to address a critical vulnerability that has been exploited in the wild.

The company learned of the zero-day flaw on Wednesday morning after being informed by a user that an ad displayed on a Russian news website had been serving an exploit designed to search for sensitive files on the victim’s system and upload them to a remote server.

“The vulnerability comes from the interaction of the mechanism that enforces JavaScript context separation (the ‘same origin policy’) and Firefox’s PDF Viewer,” Mozilla said in a blog post.

The security hole does not affect Firefox for Android and other Mozilla products that don’t contain the PDF Viewer component.

The vulnerability (CVE-2015-4495), reported by researcher Cody Crews, cannot be exploited to execute arbitrary code, but it allows an attacker to inject a JavaScript payload into the local file context. In the attack spotted in the wild, the attacker leveraged the vulnerability to steal local files containing potentially sensitive information.

According to Mozilla, the attacker has been targeting certain types of files hosted on Windows and Linux systems. The exploit used in this attack is not designed to target Apple devices, but the company warns that Mac users are also at risk because the payload can be adapted.

The malware is designed to look for S3 Browser, Apache Subversion, and Filezilla configuration files; website configuration files for eight popular FTP clients; and .purple and Psi+ Jabber account information on Windows systems. On Linux, the exploit steals configuration files such as /etc/passwd; .bash_history, .mysql_history, .pgsql_history, .ssh configuration files and keys; shell scripts; configuration files for Filezilla, Remmina, and Psi+; and text files whose name contains the strings “access” and “pass.” The stolen data is uploaded to a server located in Ukraine.

Advertisement. Scroll to continue reading.

Mozilla says it’s surprising that the malware is designed to target developer-related files considering that it has been served on a news websites. However, it’s possible that the exploit was deployed on other types of sites as well.

Firefox for Windows and Firefox for Linux users are advised to change passwords and keys found in the files targeted by the attackers. The exploit is designed not to leave any traces on the targeted system.

Mozilla has pointed out that since the exploit was delivered via an advertisement, ad-blocking software, depending on how it was configured, might have mitigated the attack.

The vulnerability has been patched with the release of Firefox 39.0.3 and Firefox ESR 38.1.1. Users are advised to update their installations as soon as possible.

Related: Mozilla Patches Critical Vulnerabilities With Release of Firefox 39

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

SecurityWeek’s Threat Detection and Incident Response Summit brings together security practitioners from around the world to share war stories on breaches, APT attacks and threat intelligence.


Securityweek’s CISO Forum will address issues and challenges that are top of mind for today’s security leaders and what the future looks like as chief defenders of the enterprise.


Expert Insights

Related Content


Less than a week after announcing that it would suspended service indefinitely due to a conflict with an (at the time) unnamed security researcher...

Data Breaches

OpenAI has confirmed a ChatGPT data breach on the same day a security firm reported seeing the use of a component affected by an...

Risk Management

The supply chain threat is directly linked to attack surface management, but the supply chain must be known and understood before it can be...


The latest Chrome update brings patches for eight vulnerabilities, including seven reported by external researchers.


Patch Tuesday: Microsoft warns vulnerability (CVE-2023-23397) could lead to exploitation before an email is viewed in the Preview Pane.


Apple has released updates for macOS, iOS and Safari and they all include a WebKit patch for a zero-day vulnerability tracked as CVE-2023-23529.

IoT Security

A group of seven security researchers have discovered numerous vulnerabilities in vehicles from 16 car makers, including bugs that allowed them to control car...

IoT Security

A vulnerability affecting Dahua cameras and video recorders can be exploited by threat actors to modify a device’s system time.