Security Market Segment LS
Sunday, 09 August 2015 22:52

URGENT: Update your Firefox browser NOW Featured


If you’re using Firefox, a new exploit found in the wild uploading sensitive files to a server in Ukraine needs patching with the latest version of Mozilla’s browser NOW.

Mozilla has issued a blog post and a security advisory that you need to know about.

On the 5th of August, a Firefox user informed Mozilla that ‘an advertisement on a news site in Russia was serving a Firefox exploit that searched for sensitive files and uploaded them to a server that appears to be in Ukraine.’

Naturally, Mozilla has urged its users to update to Firefox 39.0.3, Firefox OS 2.2 (on Firefox phones) and Firefox ESR 38.1.1, which fixes the vulnerability.

Mozilla’s blog post explains that ‘the vulnerability comes from the interaction of the mechanism that enforces JavaScript context separation (the “same origin policy”) and Firefox’s PDF Viewer.’

In case you’re wondering, Mozilla explains that its ‘products that don’t contain the PDF Viewer, such as Firefox for Android, are not vulnerable.’

On Mac OS X, start Firefox, click on the bold word Firefox next to the Apple symbol at the top left hand corner, and click on 'About Firefox'. This will check for udpates and will show you the current version number. If any updates are available, they will commence downloading, after which you will be prompted to restart Firefox to complete the update. 

Firefox should be automatically set to install security updates, but if you have older versions there's no guarantee you have this setting on. 

On Windows, start Firefox. If you have a dropdown Firefox menu at the top left hand corner of the Firefox browser window, you definitely have an older version.

If you see this version, select Help and then click on 'About Firefox.'

If you have a newer version, you won't see the dropdown Firefox menu on the left, but you will see the three line 'hamburger menu' on the end right hand side on the icons to the right of the address bar and the search box.

To immediately and manually check for updates, click on the three line hamburger menu icon again, and then at the bottom of the menu, click on the 'question mark' symbol.

This brings up the help menu options, at the bottom of which is 'About Firefox'. Do this and the same checking for updates sequence will occur as with Mac OS X, showing you the version number and downloading any updates that are available, after which you will be prompted to 'Restart to Update'. 

On the PC and Mac versions of Firefox, you can also click the three line hamburger icon and you'll see menu pop-up. At the bottom is 'options', which loads the preferences/options page in 'General'. On the left hand side of the screen, you'll see a list of settings headings.

The last one is called 'Advanced', which when clicked on gives you opens the advanced settings, which includes an 'updates' heading. Click it and you should see that 'Automatically install updates (recommended: improved security)' is selected and that 'Warn me if this will disable any of my add-ons' is ticked. 

This should keep you updated automatically but if you haven't been using Firefox for a while it's a good idea to do a manual check just to be sure.

Mozilla advises that ‘the exploit leaves no trace it has been run on the local machine. If you use Firefox on Windows or Linux it would be prudent to change any passwords and keys found in the above-mentioned files if you use the associated programs. People who use ad-blocking software may have been protected from this exploit depending on the software and specific filters being used.’

For additional technical details, please visit the blog post and the security advisory.


You cannot afford to miss this Dell Webinar.

With Windows 7 support ending 14th January 2020, its time to start looking at your options.

This can have significant impacts on your organisation but also presents organisations with an opportunity to fundamentally rethink the way users work.

The Details

When: Thursday, September 26, 2019
Presenter: Dell Technologies
Location: Your Computer


QLD, VIC, NSW, ACT & TAS: 11:00 am
SA, NT: 10:30 am
WA: 9:00 am NZ: 1:00 pm

Register and find out all the details you need to know below.



iTWire can help you promote your company, services, and products.


Advertise on the iTWire News Site / Website

Advertise in the iTWire UPDATE / Newsletter

Promote your message via iTWire Sponsored Content/News

Guest Opinion for Home Page exposure

Contact Andrew on 0412 390 000 or email [email protected]


Alex Zaharov-Reutt

One of Australia’s best-known technology journalists and consumer tech experts, Alex has appeared in his capacity as technology expert on all of Australia’s free-to-air and pay TV networks on all the major news and current affairs programs, on commercial and public radio, and technology, lifestyle and reality TV shows. Visit Alex at Twitter here.



Recent Comments