“The vulnerability comes from the interaction of the mechanism that enforces JavaScript context separation (the “same origin policy”) and Firefox’s PDF Viewer. The fix has also been shipped in Firefox ESR 38.1.1.” “All Firefox users are urged to update to Firefox 39.0.3.
“This morning Mozilla released security updates that fix the vulnerability,” Veditz reports.
“Yesterday morning, August 5, a Firefox user informed us that an advertisement on a news site in Russia was serving a Firefox exploit that searched for sensitive files and uploaded them to a server that appears to be in Ukraine,” Daniel Veditz reports via the official Mozilla Security Blog.
