# Mozilla urges users to update Firefox with file stealing exploit in wild



## TechSocial (Dec 20, 2011)

Earlier this week, Mozilla was notified by security researcher Cody Crews that a malicious advertisement on a Russian news site was exploiting a vulnerability in Firefox's PDF Viewer to search for sensitive files on users' local file systems.

The vulnerability has been fixed in Firefox 39.0.3, and the fix has been ported to the extended support release, Firefox ESR 38.1.1.

Versions of the browser that do not include the PDF Viewer, such as Firefox for Android, are not vulnerable.

"The vulnerability comes from the interaction of the mechanism that enforces JavaScript context separation (the 'same origin policy') and Firefox's PDF Viewer," wrote Mozilla security lead Daniel Veditz in a blog post.


