Mozilla Patches 0-Day Vulnerability Used to Steal Passwords
Mozilla has released an urgent patch plugging a zero-day vulnerability that a Russian-based website was caught exploiting earlier last week, prompting the open-source organization to deliver an emergency update patching the critical security hole.
The zero-day vulnerability lies within Firefox’s built-in PDF reader, allowing attackers the ability to exploit the browser to steal sensitive data stored on the machine. The attack was found being actively exploited, targeting both Windows and Linux users, Mozilla researcher Daniel Veditz wrote in a blog post Thursday. The exploit targeting Linux users uploaded cryptographically protected system passwords, bash command histories, secure shell (SSH) configurations and keys. It doesn’t stop there, attackers also have the ability to steal a large number of other files, including MySQL and PhSQL histories as well configurations for remina, FileZilla, and Psi+ text files that contained strings in their names configurations. Shell scripts also have the ability to be stolen.
The attack targeting Windows systems goes after files of interest to software developers. Data targeted in the attack includes subversion, s3browser, and Filezilla configuration files, .purple and Psi+ account information alongside website configuration files for eight different FTP clients.
Apple users running Mozilla Firefox were not targeted by the attack. Attackers were found exploiting the Firefox zero-day through advertisements on an undisclosed Russian news site, but Veditz said the company can’t rule out the fact that the attack may be active across any number of sites.
“The exploit leaves no trace it has been run on the local machine,” Veditz wrote in Mozilla’s security advisory. “If you use Firefox on Windows or Linux it would be prudent to change any passwords and keys found in the above-mentioned files if you use the associated programs. People who use ad-blocking software may have been protected from this exploit depending on the software and specific filters being used.”
According to Martijn Grooten, a security researcher at Virus Bulletin, the vulnerability allows attackers to create malicious PDF files that can inject JavaScript code into the local file context. The exploit bypasses the same origin policy, allowing attackers to steal local files as well.
Due to the severity of the FireFox zero-day, Mozilla has issued an emergency patch. We highly urge everyone to check their version of Firefox to ensure you are running the latest 39.0.3 build. The patch has also been released for Firefox ESR 38.1.1.
