Use Firefox? You need this security update, stat
Users of Firefox on PCs are advised to upgrade the browser to protect themselves against an exploit recently reported by a user to Mozilla, the makers of Firefox.
In a blog post Thursday, Mozilla's Daniel Veditz wrote, "a Firefox user informed us that an advertisement on a news site in Russia was serving a Firefox exploit that searched for sensitive files and uploaded them to a server that appears to be in Ukraine. This morning Mozilla released security updates that fix the vulnerability. All Firefox users are urged to update to Firefox 39.0.3. The fix has also been shipped in Firefox ESR 38.1.1."
The vulnerability comes from a mechanism involved in Firefox's PDF viewer. Mozilla products that don't contain the PDF Viewer, such as Firefox for Android, are not vulnerable. Apple users are not affected by the particular exploit observed "in the wild," but Mozilla said they "would not be immune should someone create a different payload," referring to the malicious code that looks for and uploads files.
It seems that the payload is targeted mainly at the types of files that developers create, but Mozilla recommends all users on Windows or Linux machines update their browsers. A list of file types can be found in the blog post. Mozilla recommended changing any passwords associated with targeted files and warned, "The exploit leaves no trace it has been run on the local machine."
The blog post added that "people who use ad-blocking software may have been protected from this exploit depending on the software and specific filters being used."