
New Firefox Zero-Day Vulnerability Nabs Local Files and Leaves No Traces

Liviu ARSENE

August 07, 2015


A new Firefox exploit has been reported as already being used in the wild, delivered through ad-serving websites. It lets attackers collect sensitive local files and upload them to an attacker-controlled server, and it leaves no trace on the machine that the payload has run.

The vulnerability does not allow arbitrary code execution on the local machine. Instead, the exploit uses it to “inject a JavaScript payload into the local file context,” which is enough for the script to search the disk for specific files and upload them.

“The vulnerability comes from the interaction of the mechanism that enforces JavaScript context separation (the “same origin policy”) and Firefox’s PDF Viewer,” wrote Daniel Veditz on the official Mozilla blog. “Mozilla products that don’t contain the PDF Viewer, such as Firefox for Android, are not vulnerable.”

The underlying vulnerability affects Firefox on Windows, Linux and Mac, since the PDF Viewer ships with every desktop build, but not Firefox for Android. The payload seen in the wild only looked for Windows and Linux files; Mac users are not immune, because the same exploit with a slightly modified payload would work there too.

“On Windows the exploit looked for subversion, s3browser, and Filezilla configurations files, .purple and Psi+ account information, and site configuration files from eight different popular FTP clients,” wrote Veditz. “On Linux the exploit goes after the usual global configuration files like /etc/passwd, and then in all the user directories it can access it looks for .bash_history, .mysql_history, .pgsql_history, .ssh configuration files and keys, configuration files for remina, Filezilla, and Psi+, text files with “pass” and “access” in the names, and any shell scripts.”

Those who browse with ad-blocking software may have been shielded from this particular campaign, depending on the product and the filter lists in use. Blocking the ad only prevents the exploit from being delivered; it does not fix the vulnerability.

The issue has been fixed in Firefox 39.0.3 and Firefox ESR 38.1.1. Because the exploit leaves no trace on the machine, a user who ran an unpatched Firefox on Windows or Linux cannot tell whether they were served the malicious ad, so users of the programs named above are encouraged to change any passwords or keys stored in those files to prevent subsequent breaches.
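The two checks that follow from the advisory text, a version test against the fixed builds and an inventory of the file classes the Linux payload read, as an added example in Python that is neither the article's nor Mozilla's code. The file-class rules follow Veditz's Linux list quoted above; the directory names used for the clients' configuration (.ssh, .filezilla, .config/remmina, .config/psi+, .purple, .subversion), the reading of “pass” and “access” as either word, and the sample home directory that demo() builds are all assumptions or constructed data, not anything the advisory states.

```python
"""Post-advisory triage for the Firefox PDF Viewer bug (added example; not
code from the article or from Mozilla).

Two checks a responder wants after reading Veditz's post:
  1. is_patched(version): is a Firefox build at or past the fixed releases,
     39.0.3 on the release channel and 38.1.1 on ESR?
  2. find_targeted_files(home): which files of the kinds the Linux payload
     read exist under a home directory, so the secrets in them get rotated?

Assumptions: the config directory names below are the clients' usual
locations (the advisory names the clients, not the paths), and "text files
with 'pass' and 'access' in the names" is read as either word.
"""
import os
import re
import tempfile
from pathlib import Path

FIXED_RELEASE = (39, 0, 3)   # first fixed release-channel build
FIXED_ESR = (38, 1, 1)       # first fixed ESR build

_VERSION_RE = re.compile(r"^\s*(\d+)\.(\d+)(?:\.(\d+))?")


def parse_version(version):
    """'39.0.3' -> (39, 0, 3); '38.1.1esr' -> (38, 1, 1); missing patch digit -> 0."""
    m = _VERSION_RE.match(version)
    if not m:
        raise ValueError("unrecognised Firefox version: %r" % (version,))
    major, minor, patch = m.groups()
    return (int(major), int(minor), int(patch or 0))


def is_patched(version):
    """True if the build carries the fix.

    Every 38.x build is judged against the ESR fix: 38.1.1esr and later are
    fixed, while 38.0.x release builds (e.g. 38.0.5) were never fixed in place
    and must move to 39.0.3.  Majors below 38 are unpatched; 39.0.3 and every
    later major are fixed.
    """
    v = parse_version(version)
    if v[0] < 39:
        return v >= FIXED_ESR
    return v >= FIXED_RELEASE


# Exact filenames from the Linux list in the advisory.
HISTORY_FILES = {".bash_history", ".mysql_history", ".pgsql_history"}

# Client configuration directories relative to $HOME (assumed locations for
# ssh, FileZilla, Remmina, Psi+, Pidgin's .purple and Subversion).
CONFIG_DIRS = (".ssh", ".filezilla", ".config/remmina", ".config/psi+",
               ".purple", ".subversion")

NAME_HINTS = ("pass", "access")


def is_targeted(rel_path):
    """Is a path (relative to the home directory) in one of the targeted classes?"""
    rel = rel_path.as_posix().lower()
    name = rel_path.name.lower()
    if name in HISTORY_FILES:
        return True
    if any(rel == d or rel.startswith(d + "/") for d in CONFIG_DIRS):
        return True        # ".ssh configuration files and keys", client configs
    if name.endswith(".sh"):
        return True        # "any shell scripts"
    if name.endswith(".txt") and any(h in name for h in NAME_HINTS):
        return True        # "text files with 'pass' and 'access' in the names"
    return False


def find_targeted_files(home):
    """Walk one home directory; return sorted POSIX paths (relative to it) of
    files whose contents should be treated as exposed."""
    home = Path(home)
    found = []
    for root, _dirs, files in os.walk(home):
        for name in files:
            rel = Path(root, name).relative_to(home)
            if is_targeted(rel):
                found.append(rel.as_posix())
    return sorted(found)


def demo():
    """Scan a constructed sample home directory (sample data, not a real host)."""
    sample = (".bash_history", ".ssh/id_rsa", ".ssh/config",
              ".filezilla/sitemanager.xml", ".config/remmina/work.remmina",
              "notes/db-passwords.txt", "bin/deploy.sh",
              "README.txt", "photo.jpg")        # the last two must not match
    with tempfile.TemporaryDirectory() as tmp:
        home = Path(tmp)
        for rel in sample:
            path = home / rel
            path.parent.mkdir(parents=True, exist_ok=True)
            path.write_text("constructed sample\n")
        return find_targeted_files(home)


if __name__ == "__main__":
    for ver in ("38.0.5", "38.1.1esr", "39.0", "39.0.3"):
        print(ver, "patched" if is_patched(ver) else "UNPATCHED")
    for rel in demo():
        print("rotate secrets in:", rel)
```

On a real host, run find_targeted_files() over every home directory the browser user could read, add /etc/passwd from the global list, and treat the output as the rotation list rather than as proof of compromise: the exploit left no artefact to confirm it ran, so the file inventory is the best a responder can do.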
