Welcome to WebmasterWorld Guest from 54.83.93.85

Forum Moderators: open

Message Too Old, No Replies

Firefox Exploit in the Wild: Mozilla Patches With V39.0.3

Mozilla urges you update Firefox to V 39.0.3 immediately.

     
1:42 pm on Aug 7, 2015 (gmt 0)

Administrator from GB 

WebmasterWorld Administrator engine is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month Best Post Of The Month

joined:May 9, 2000
posts:25785
votes: 834


Mozilla has moved swiftly to patch an exploit to Firefox which was discovered in-the-wild. The exploit, running from an advert on a news site, would search for sensitive files on a desktop machine and upload them to a server, which Mozilla says, appeared to be in Ukraine.

Mozilla urges you update Firefox to V 39.0.3 immediately.

The files it was looking for were surprisingly developer focused for an exploit launched on a general audience news site, though of course we don’t know where else the malicious ad might have been deployed. On Windows the exploit looked for subversion, s3browser, and Filezilla configurations files, .purple and Psi+ account information, and site configuration files from eight different popular FTP clients. On Linux the exploit goes after the usual global configuration files like /etc/passwd, and then in all the user directories it can access it looks for .bash_history, .mysql_history, .pgsql_history, .ssh configuration files and keys, configuration files for remina, Filezilla, and Psi+, text files with “pass” and “access” in the names, and any shell scripts. Mac users are not targeted by this particular exploit but would not be immune should someone create a different payload.
The exploit leaves no trace it has been run on the local machine. If you use Firefox on Windows or Linux it would be prudent to change any passwords and keys found in the above-mentioned files if you use the associated programs. People who use ad-blocking software may have been protected from this exploit depending on the software and specific filters being used. Firefox Exploit in the Wild: Mozilla Patches With V39.0.3 [blog.mozilla.org]
5:24 pm on Aug 7, 2015 (gmt 0)

Preferred Member from AU 

10+ Year Member Top Contributors Of The Month

joined:May 27, 2005
posts:442
votes: 7


Hmmm, Firefox 5 was a good vintage.
4:35 am on Aug 8, 2015 (gmt 0)

Moderator from US 

WebmasterWorld Administrator robert_charlton is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Nov 11, 2000
posts:12215
votes: 361


Thanks. FF generally makes it pretty easy to apply patches, and I updated this one immediately.
12:17 pm on Aug 8, 2015 (gmt 0)

Senior Member from GB 

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month

joined:Nov 16, 2005
posts:2835
votes: 148


This is too much. From now on everything network facing runs with an apparmor profile enforced to partially sandbox this - and I may tighten the profiles a bit as well.
8:54 pm on Aug 8, 2015 (gmt 0)

Senior Member from AU 

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month

joined:Aug 22, 2003
posts: 2226
votes: 139


I wonder how other Firefox users who aren't fans of WebmasterWorld will be alerted - I haven't seen any comment in Australian newspapers or other media.
9:25 am on Aug 9, 2015 (gmt 0)

Senior Member from GB 

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month

joined:Nov 16, 2005
posts:2835
votes: 148


Most people should get updates through whatever mechanism Firefox supports on their OS.
11:32 am on Aug 9, 2015 (gmt 0)

Senior Member from AU 

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month

joined:Aug 22, 2003
posts: 2226
votes: 139


I haven't seen a thing except for WebmasterWorld
1:05 pm on Aug 9, 2015 (gmt 0)

Administrator from GB 

WebmasterWorld Administrator engine is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month Best Post Of The Month

joined:May 9, 2000
posts:25785
votes: 834


It's odd it hasn't got wider coverage, I agree. Try tweeting it and sending the WebmasterWorld Link :)
6:42 pm on Aug 9, 2015 (gmt 0)

Moderator from US 

WebmasterWorld Administrator robert_charlton is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month

joined:Nov 11, 2000
posts:12215
votes: 361


Just a guess that Mozilla may assume that most users have got FF set to update automatically. I forget what the default is; Mozilla probably knows. Depending upon your machine and the kind of work you do on it, though, this option can be disruptive.

There also was a time, I believe, when asking FF manually to check for updates would result in an automatic install if an update were present. The current version, at any rate, has the good manners to ask for permission before installing the patch.


PS: There is a Mozilla Security account on Twitter.... @mozsec ...Not much chance, though, that you're likely to catch a tweeted announcement.

You'd think that Mozilla would have figured out a non-intrusive way by now to flag users about security matters... but that's true of a lot of service providers and sites on the web... and, depending on the problem, it's not always simple for users to comply. In this particular case it is.
1:51 am on Aug 10, 2015 (gmt 0)

Senior Member from AU 

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month

joined:Aug 22, 2003
posts: 2226
votes: 139


Hooray, the story just made it to a Sydney newspaper 45 minutes ago.

[smh.com.au ]
11:22 pm on Aug 10, 2015 (gmt 0)

Senior Member from CA 

WebmasterWorld Senior Member encyclo is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Aug 31, 2003
posts:9074
votes: 6


I got the update notification from Firefox well before I saw any news about the exploit. I don't think that newspaper reports are going to do anything to get the average user to update. The auto-update mechanisms in modern browsers (and in windows 10 for that matter) are huge steps forward for online security.

The exploit, running from an advert on a news site


Which is why you should always block all third-party ads on all websites and in all circumstances. :)
5:58 am on Aug 11, 2015 (gmt 0)

Senior Member from GB 

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month

joined:Nov 16, 2005
posts:2835
votes: 148


I got the update notification from Firefox well before I saw any news about the exploit.


Works as expected. That is how it is supposed to work - users should not be relying on the media to tell them to update.

The auto-update mechanisms in modern browsers (and in windows 10 for that matter) are huge steps forward for online security.


A rather late step: some of us have taken it for granted that the OS and all apps auto-update for a decade.
11:46 am on Aug 11, 2015 (gmt 0)

Administrator from GB 

WebmasterWorld Administrator engine is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month Best Post Of The Month

joined:May 9, 2000
posts:25785
votes: 834


I got the update notification from Firefox well before I saw any news about the exploit.


Interestingly, I left one of my machines on to see when it was going to update, starting FF every so often, and it took two days before the automatic FF update took place. That's too long, imho.
9:45 am on Aug 12, 2015 (gmt 0)

Senior Member from AU 

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month

joined:Aug 22, 2003
posts: 2226
votes: 139


My Windows 10 Laptop just updated to Firefox 40.0 plus showing a "commercial" page about Firefox and Windows 10 working together seamlessly yadda, yadda.
3:14 pm on Aug 13, 2015 (gmt 0)

Senior Member from GB 

WebmasterWorld Senior Member redbar is a WebmasterWorld Top Contributor of All Time 5+ Year Member Top Contributors Of The Month

joined:Oct 14, 2013
posts:3109
votes: 446


Yeah, all my machines had notifications pop-up yesterday, it was a very small update whatever it was.
3:36 pm on Aug 13, 2015 (gmt 0)

Administrator from GB 

WebmasterWorld Administrator engine is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month Best Post Of The Month

joined:May 9, 2000
posts:25785
votes: 834


Blink and you'll miss it, FF is now on V40.0
10:38 pm on Aug 13, 2015 (gmt 0)

Senior Member from AU 

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month

joined:Aug 22, 2003
posts: 2226
votes: 139


Blink and you'll miss it, FF is now on V40.0

Was that Windows 10 or not? I ask because when I quickly updated as a result of this thread on Win 8.1 it only went to FF 39.3 [I think]. Having now gone to Win 10 yesterday, it updated to FF 40.0 The update was about 18 Mb from memory - hence the blink.
8:56 am on Aug 14, 2015 (gmt 0)

Administrator from GB 

WebmasterWorld Administrator engine is a WebmasterWorld Top Contributor of All Time 10+ Year Member Top Contributors Of The Month Best Post Of The Month

joined:May 9, 2000
posts:25785
votes: 834


Not Win 10, IanCP, Win 8.1 machine now has FF 40.0 on it.
 

Join The Conversation

Moderators and Top Contributors

Hot Threads This Week

Featured Threads

Free SEO Tools

Hire Expert Members