  DarkLight

    Yes, I yelled in the title. It's that important!

    Mozilla urges users to update Firefox with file stealing exploit in wild | ZDNet

    From the article:
    "Earlier this week, Mozilla was notified by security researcher Cody Crews that a malicious advertisement on a Russian news site was exploiting a vulnerability in Firefox's PDF Viewer to search for sensitive files on users' local file systems.

    The exploit has been fixed in Firefox 39.0.3 and ported to its extended support release, Firefox ESR 38.1.1.

    Versions of the browser that do not include the PDF Viewer, such as Firefox for Android, are not vulnerable."
    This is something that everyone needs to do quite literally immediately. This was found "in the wild", which means it is an active, current, existing exploit that is on the Internet right now.
  Motomom34

    Will do! Thanks for the heads up @DarkLight

  Altoidfishfins

    Right away - have to boot into the Linux side.
    Crap...did an update for Linux Mint 17 and it updated everything but Firefox. Said it could not retrieve the files. It did update Adobe (presumably reader).
  BTPost

    To keep the paranoia at the proper level - Firefox 31.8 ESR is not susceptible to the MFSA 2015-78 exploit in default unless "pdfjs.disabled" is set to "false" through "about:config" specifically by the user.

    Firefox 38.1.1 ESR and 39.0.3 are not vulnerable.

    It should be pointed out that Mac users are not targeted by this particular exploit but would not be immune should someone create a different payload.

    Windows users: Just stay off those Russian porn sites, folks.

    Found the above on a tech site that I watch closely..... BTPost
  melbo

    39.0.3 on Linux here
