Russian website exploits Firefox flaw, steals files

Newly found bug allows hackers to search for, upload files from Firefox users

08.08.2015 - Update : 08.08.2015
By Barry Eitel 

SAN FRANCISCO

A Russian website was found to exploit a vulnerability in Mozilla’s Firefox browser that allows hackers to search for and steal files from a user’s computer, according to a report published Friday.

Cyber-security expert Martijn Grooten noted on the Virus Bulletin malware blog that the browser’s Portable Document Format (PDF) reader contains a bug that would allow an attacker to snoop on a computer’s files.

“The vulnerability allows an attacker to create a specially crafted PDF that injects JavaScript code into the local file context,” Grooten noted in his post. “This could be used to upload local files to a server controlled by the attacker.”

The Firefox problem is the latest in a series of recently discovered hacking vulnerabilities, including glaring bugs in Google’s Android and Apple’s iOS mobile operating systems. In most of these cases, experts have identified the issue before any malicious uses were detected. However, with the latest Firefox bug, the glitch was discovered because it was being exploited “in the wild” – tech security-speak meaning that malware online was already attempting to hack into computers via the vulnerability.

An advertisement for an undisclosed brand on an unnamed Russian news site was found to be using the vulnerability to search for specific files and upload them to a server in the Ukraine. It appears the malware was targeting files that are normally used by software developers.

“The files it was looking for were surprisingly developer focused for an exploit launched on a general audience news site, though of course we don’t know where else the malicious ad might have been deployed,” Mozilla researcher Daniel Veditz said in a statement.

Veditz claimed that the malware doesn’t leave any evidence that it ran on an infected machine. Mozilla issued an emergency patch that fixes the issue and urges all Firefox users to update to version 39.0.3.
