UPDATE FIREFOX RIGHT NOW!

Discussion in 'Technical' started by DarkLight, Aug 7, 2015.


Tags:
  1. DarkLight

    DarkLight I self identify as a Blackhawk Attack Helicopter! Site Supporter

    Yes, I yelled in the title. It's that important!

    Mozilla urges users to update Firefox with file stealing exploit in wild | ZDNet

    From the article:
    "Earlier this week, Mozilla was notified by security researcher Cody Crews that a malicious advertisement on a Russian news site was exploiting a vulnerability in Firefox's PDF Viewer to search for sensitive files on users' local file systems.

    The exploit has been fixed in Firefox 39.0.3 and ported to its extended support release, Firefox ESR 38.1.1.

    Versions of the browser that do not include the PDF Viewer, such as Firefox for Android, are not vulnerable."
    This is something that everyone needs to do quite literally immediately. This was found "in the wild" which means it is an active, current, existing exploit that is on the Internet right now.
     
    oldawg, melbo, Altoidfishfins and 5 others like this.
  2. Motomom34

    Motomom34 Moderator Moderator Site Supporter++

    Will do! Thanks for the heads up @DarkLight

    Done!
     
    Last edited: Aug 7, 2015
  3. Altoidfishfins

    Altoidfishfins Monkey++

    Right away - have to boot into the Linux side.
    Thanks
    Crap...did an update for Linux Mint 17 and it updated everything but Firefox. Said it could not retrieve the files. It did update Adobe (presumably reader).
     
    Last edited: Aug 8, 2015
    melbo likes this.
  4. BTPost

    BTPost Old Fart Snow Monkey Moderator

    To keep the paranoia at the proper level - Firefox 31.8 ESR is not susceptible to the MFSA 2015-78 exploit in default unless "pdfjs.disabled" is set to "false" through "about:config" specifically by the user.

    Firefox 38.1.1 ESR and 39.0.3 are not vulnerable.

    It should be pointed out that Mac users are not targeted by this particular exploit but would not be immune should someone create a different payload.

    Windows users: Just stay off those Russian porn sites, folks.


    Found the above on a Tech Site, that I watch closely..... BTPost
     
    Tully Mars likes this.
  5. melbo

    melbo Hunter Gatherer Administrator Founding Member

    39.0.3 on Linux here
     
  1. Yard Dart
  2. GhostX
  3. Yard Dart
  4. Salted Weapon
  5. DarkLight
  6. Motomom34
  7. lonewolf88
  8. Garand69
  9. chelloveck
  10. DLConcepts
  11. stg58
  12. DarkLight
  13. DarkLight
  14. Ganado
  15. Yard Dart
  16. Ganado
  17. Motomom34
  18. Yard Dart
  19. Yard Dart
  20. HK_User
survivalmonkey SSL seal        survivalmonkey.com warrant canary
17282WuJHksJ9798f34razfKbPATqTq9E7