Firefox vulnerability lets hackers steal files through malicious online ads

Mozilla has uncovered and subsequently patched a new vulnerability in Firefox that would allow hackers to pinch sensitive files from a user's computer via malicious advertisements. The advertisement in question was served on a Russian news website, and searched users’ computers for "developer focused" documents such as site configuration files for eight popular FTP clients.

Mozilla Security Lead Daniel Veditz said the vulnerability affects both Windows and Linux versions of Firefox, but the current exploit did not target the Mac version. Mozilla products that don't contain the company's PDF Viewer, such as Firefox for Android, are not affected.

While the files the malicious advertisement searched for wouldn’t necessarily be found on the average consumer's computer, a different version of the exploit could theoretically be used to capture other kinds of personal information. Veditz said that Mac users "would not be immune" if another hacker were to utilise the same vulnerability.

Veditz said that individuals who use ad-blocking software such as AdBlock Plus and uBlock may have been protected from the exploit, depending on the specific extension and filters being used.

All Firefox users are urged to update to Firefox 39.0.3. Users can see if their version of Firefox is up to date by opening the settings menu (designated by three parallel lines), clicking the question mark icon in the bottom right hand corner and then selecting "About Firefox".