SoylentNews is people

posted by janrinok on Tuesday August 11 2015, @02:06AM
from the they-never-stop-trying dept.

http://www.smh.com.au/digital-life/consumer-security/major-firefox-vulnerability-lets-hackers-steal-your-files-using-dodgy-web-ads-20150809-givb77.html

If you needed another reason to install an ad-blocker on your web browser, read on.

Mozilla Firefox users are this week being urged to update to the latest version after an exploit was found being used in the wild which allowed the scooping up of files from users' computers via an ad without leaving a trace behind of the hack.

In a blog post, Mozilla said the ad, found on a Russian news website, was "serving up a Firefox exploit" which allowed code to be run on a user's computer to search files, which were then uploaded to a server in Ukraine. The exploit affects Windows and Linux users; Mac users weren't specifically targeted this time around, but the company warned Mac users "would not be immune" should a hacker decide to target them using the same vulnerability.

And the worst part is, if you're targeted you'll have no way of knowing, because the exploit leaves no trace it has been run on your computer.

If you're like the one million Australians who use ad-blocking software, however, you "may have been protected" from the malicious exploit depending on the type of software you use and the level of filtering, Mozilla has advised. The vulnerability relates to Firefox's PDF viewer, so products without a PDF viewer, such as Firefox for Android mobile devices, were not at risk, it said.

Mozilla is urging anyone using Firefox on Windows or Linux to install the latest Firefox — versions 39.0.3 for personal users and Firefox ESR 38.1.1 for enterprise — which include a patch for the vulnerability.


-- submitted from IRC

 
This discussion has been archived. No new comments can be posted.
  • (Score: 0) by Anonymous Coward on Tuesday August 11 2015, @07:45AM (#221153)

    Firefox
    24.0
    Firefox is up to date.

    So, either old versions are not vulnerable, or they still haven't fixed the update checker on Linux.

  • (Score: 0) by Anonymous Coward on Tuesday August 11 2015, @08:13AM (#221163)

    "Update checker on Linux" is called your distribution's package manager.

    • (Score: 0) by Anonymous Coward on Tuesday August 11 2015, @08:47AM (#221178)

      you! check for poop!

      aw why am i the poop-checker?

    • (Score: 0) by Anonymous Coward on Tuesday August 11 2015, @01:52PM (#221257)

      The distro package manager is comparable to Windows Update. I'm talking about the update checker built in to Firefox, which doesn't require root, and checks the official Mozilla.org site, rather than whatever mirror the distro package manager checks.

      • (Score: 0) by Anonymous Coward on Tuesday August 11 2015, @07:58PM (#221415)

        Windows update is hardly comparable to a Linux package manager, both in scope and capability. Although that really is beside the point.

        The question is, did you originally install it through the package manager? If you did then you can't expect the in-built update checker to work. If you instead installed it from the download Mozilla provides, then yes it should work, but go complain to them, because who else cares? I'm sure most Linux users use the version provided by their distro, and why would users of other OSes care?

        • (Score: 0) by Anonymous Coward on Wednesday August 12 2015, @03:27PM (#221724)

          The question is, did you originally install it through the package manager? If you did then you can't expect the in-built update checker to work

          I bloody well can. Anything else would mean that Firefox is made by morons (something I have suspected for a while). And from a developer point of view, the code to check whether or not I'm running the current release is exactly the same, whereas adding a check to not work when installed through a distro would take extra work.