Jump to content

Mozilla Patches Bug Used in Active Attacks


Recommended Posts



"Mozilla has released a patch for a vulnerability in Firefox that was discovered when a user found it being actively exploited in the wild.


The bug affects Firefox’s PDF viewer and Mozilla officials said that the exploit being used by attackers right now looked for specific files on a targeted machine and uploads them to a remote server. It does not allow for remote code execution, though. Mozilla said the exploit goes after Windows, Linux, and Mac machines.


“The files it was looking for were surprisingly developer focused for an exploit launched on a general audience news site, though of course we don’t know where else the malicious ad might have been deployed. On Windows the exploit looked for subversion, s3browser, and Filezilla configurations files, .purple and Psi+ account information, and site configuration files from eight different popular FTP clients,” Daniel Veditz of Mozilla said in a blog post.


“On Linux the exploit goes after the usual global configuration files like /etc/passwd, and then in all the user directories it can access it looks for .bash_history, .mysql_history, .pgsql_history, .ssh configuration files and keys, configuration files for remina, Filezilla, and Psi+, text files with “pass” and “access” in the names, and any shell scripts.

A Firefox user discovered the exploit being served by a malicious ad on a Russian news site. The exploit then looks for the sensitive files on the victim’s machine and then uploads them to a server that Mozilla officials say appears to be in Ukraine.


Mozilla has patched the vulnerability in Firefox 39.0.3. The bug doesn’t affect Firefox on Android or other products that don’t include the PDF viewer."

Much more and links in the article here: https://threatpost.com/mozilla-patches-bug-used-in-active-attacks/114172#sthash.FGKlDqb7.dpuf

Link to comment
Share on other sites


This topic is now archived and is closed to further replies.

RVers Online University


Our program provides accurate individual wheel weights for your RV, toad, and tow vehicle, and will help you trim the pounds if you need to.

Dish For My RV.

RV Cable Grip

RV Cable Grip

All the water you need...No matter where you go

Rv Share

RV Air.

Find out more or sign up for Escapees RV'ers Bootcamp.

Advertise your product or service here.

The Rvers- Now Streaming

RVTravel.com Logo

  • Create New...