Stories
Slash Boxes
Comments

SoylentNews is people

posted by janrinok on Tuesday August 11 2015, @02:06AM   Printer-friendly
from the they-never-stop-trying dept.

http://www.smh.com.au/digital-life/consumer-security/major-firefox-vulnerability-lets-hackers-steal-your-files-using-dodgy-web-ads-20150809-givb77.html

If you needed another reason to install an ad-blocker on your web browser, read on.

Mozilla Firefox users are this week being urged to update to the latest version after an exploit was found being used in the wild which allowed the scooping up of files from users' computers via an ad without leaving a trace behind of the hack.

In a blog post, Mozilla said the ad, found on a Russian news website, was "serving up a Firefox exploit" which allowed code to be run on a user's computer to search files, which were then uploaded to a server in Ukraine. The exploit affects Windows and Linux users; Mac users weren't specifically targeted this time around, but the company warned Mac users "would not be immune" should a hacker decide to target them using the same vulnerability.

And the worst part is, if you're targeted you'll have no way of knowing, because the exploit leaves no trace it has been run on your computer.

If you're like the one million Australians who use ad-blocking software, however, you "may have been protected" from the malicious exploit depending on the type of software you use and the level of filtering, Mozilla has advised. The vulnerability relates to Firefox's PDF viewer, so products without a PDF viewer, such as Firefox for Android mobile devices, were not at risk, it said.

Mozilla is urging anyone using Firefox on Windows or Linux to install the latest Firefox — versions 39.0.3 for personal users and Firefox ESR 38.1.1 for enterprise — which include a patch for the vulnerability.


Original Submission

-- submitted from IRC

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 1, Offtopic) by anubi on Tuesday August 11 2015, @05:55AM

    by anubi (2828) on Tuesday August 11 2015, @05:55AM (#221122) Journal

    We all have seen the uproar from the MAFIAA's over filesharing. Lots of legislative lobbying and buying law.

    Stuff like this just encourages everyone to run ad-blockers, nipping a lot of advertising revenue, yet I do not see the suit-people running all amok over this.

    If people started getting "mesothelioma" over the TV from merely seeing the ad for it, could any Congressman say with a straight face that anyone trying to watch a sanitized version of TV with the ads removed was breaking any sort of law?

    Ever since that Sony/BMG rootkit scandal, I have been leery of any purchased content in a proprietary container. This uneasy feeling is exacerbated by unskippable content on DVD.

    I feel if I am going to pay for it, at least I paid for the right to see what I want to see and skip what I do not want to see. Because I have lost control of my own DVD player, I actually far prefer the pirate version to the purchase version these days... and cost has nothing to do with it. Its more like security. The pirate version is .MP3 or .MP4.

    I am getting less and less control over what purchased content will do in my machine. It infuriates me I am required to take the risk of malware just so some business can play games with proprietary containers.

    I betcha Congress would not stand still for it one second if I insisted in remitting my taxes by forcing them to conform to my proprietary and secret filestructures to get paid.
     
    Likewise, I highly resent it to be forced to conform to someone else's proprietary and secret filestructures just to hear a song or see a movie.

    --
    "Prove all things; hold fast that which is good." [KJV: I Thessalonians 5:21]
    Starting Score:    1  point
    Moderation   0  
       Offtopic=1, Insightful=1, Total=2
    Extra 'Offtopic' Modifier   0  

    Total Score:   1