
Firefox PDF viewer exploit used to access local files [Already Patched]

burnttoastnice

A bug was discovered which allows a remote attacker to gain access to a local user's filesystem through an exploit in Firefox's PDF.js viewer. This bug is being actively exploited in Russia, where malicious advertisements use the PDF.js local context to look for password credential files and upload them to a server. It is thought that this attack is mainly aimed at developers.

 

 

The malware that took advantage of the bug in Firefox's JavaScript-based PDF reader was being deployed through ads that appeared on a Russian news site. The malware would search for sensitive files on people's PCs and then upload them to a server in Ukraine.

As the vulnerability only affects Firefox's PDF.js reader, that means only the desktop version of Firefox is affected by it, but not the Android version. According to Mozilla, the vulnerability doesn't enable the execution of arbitrary code, but the exploit was able to inject a JavaScript payload into the local file context that allowed it to search for local files.

The somewhat good news here is that the exploit seems to have targeted mainly developers, despite being deployed on a major Russian news site. For instance, on Windows it looked for the configuration files of various FTP clients, including Filezilla. On Linux, it targeted configuration files such as /etc/passwd, .bash_history, .mysql_history, .pgsql_history, and .ssh. Mac users were not targeted by this exploit, but they would not be immune to a different payload utilizing the same Firefox vulnerability.

 

Sauce: http://www.tomshardware.co.uk/firefox-security-vulnerability-upgrade-patch,news-50953.html

 

I use Firefox for development myself and only visit a few websites on it (mainly just LTT, The Verge and a few other well-reputable sites). If you're a developer and you've visited a Russian news site recently, I'd strongly advise changing your passwords etc. I use a web IDE to work on my own site, and there doesn't appear to be too much information regarding whether the exploit extracts passwords from your Firefox profile.

 

TL;DR - Go into your Firefox settings right NOW and set a master password - it will encrypt all your other saved passwords.

 

Edit

@Syntaxvgm pointed out that as long as you are on version 39.0.3 you are good.

 

Just to note:
Alt>Help>Version
39.0.3 and you are good

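As an added example (not part of the original post or the quoted article): a triage helper for the Linux paths the article lists, reporting which of them exist in a home directory and whether each SSH private key found under .ssh is passphrase-protected, which shows what to rotate first. The function names and the sample home directory are constructed for illustration.

```python
import base64, binascii, struct, tempfile
from pathlib import Path

TARGETS = [".bash_history", ".mysql_history", ".pgsql_history", ".ssh"]  # from the article
MAGIC = b"openssh-key-v1\0"  # header of the current OpenSSH private-key format

def key_protection(text):
    """Return 'encrypted', 'unencrypted', or None if text is not a private key."""
    if "PRIVATE KEY-----" not in text:
        return None
    if "BEGIN OPENSSH PRIVATE KEY" in text:
        body = "".join(l for l in text.splitlines() if l and not l.startswith("-----"))
        try:
            blob = base64.b64decode(body)
            (n,) = struct.unpack(">I", blob[len(MAGIC):len(MAGIC) + 4])
        except (binascii.Error, struct.error):
            return None
        if not blob.startswith(MAGIC):
            return None
        cipher = blob[len(MAGIC) + 4:len(MAGIC) + 4 + n]  # cipher name field
        return "unencrypted" if cipher == b"none" else "encrypted"
    # Legacy PEM and PKCS#8 mark passphrase-protected keys explicitly.
    if "Proc-Type: 4,ENCRYPTED" in text or "BEGIN ENCRYPTED PRIVATE KEY" in text:
        return "encrypted"
    return "unencrypted"

def audit(home):
    """List targeted files under home and the passphrase state of SSH keys."""
    findings = []
    for name in TARGETS:
        p = Path(home) / name
        if p.is_file():
            findings.append((name, "history file"))
        elif p.is_dir():
            for f in sorted(x for x in p.iterdir() if x.is_file()):
                state = key_protection(f.read_text(errors="replace"))
                if state:
                    findings.append((f"{name}/{f.name}", state))
    return findings

def build_sample_home():
    """Constructed sample: a fake home with placeholder, non-functional key blobs."""
    home = Path(tempfile.mkdtemp())
    (home / ".ssh").mkdir()
    (home / ".bash_history").write_text("ls\n")
    for fname, cipher in (("id_a", b"none"), ("id_b", b"aes256-ctr")):
        b64 = base64.b64encode(MAGIC + struct.pack(">I", len(cipher)) + cipher).decode()
        (home / ".ssh" / fname).write_text(
            f"-----BEGIN OPENSSH PRIVATE KEY-----\n{b64}\n-----END OPENSSH PRIVATE KEY-----\n")
    return home
```

Calling `audit(Path.home())` on a real machine lists the files that were within reach of the payload; keys reported as unencrypted are the ones usable as-is if copied.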

Just to note:

Alt>Help>Version

39.0.3 and you are good
