Security Market Segment LS
Sunday, 09 August 2015 22:52

URGENT: Update your Firefox browser NOW Featured


If you’re using Firefox, a new exploit found in the wild uploading sensitive files to a server in Ukraine needs patching with the latest version of Mozilla’s browser NOW.

Mozilla has issued a blog post and a security advisory that you need to know about.

On the 5th of August, a Firefox user informed Mozilla that ‘an advertisement on a news site in Russia was serving a Firefox exploit that searched for sensitive files and uploaded them to a server that appears to be in Ukraine.’

Naturally, Mozilla has urged its users to update to Firefox 39.0.3, Firefox OS 2.2 (on Firefox phones) and Firefox ESR 38.1.1, which fixes the vulnerability.

Mozilla’s blog post explains that ‘the vulnerability comes from the interaction of the mechanism that enforces JavaScript context separation (the “same origin policy”) and Firefox’s PDF Viewer.’

In case you’re wondering, Mozilla explains that its ‘products that don’t contain the PDF Viewer, such as Firefox for Android, are not vulnerable.’

On Mac OS X, start Firefox, click on the bold word Firefox next to the Apple symbol at the top left hand corner, and click on 'About Firefox'. This will check for udpates and will show you the current version number. If any updates are available, they will commence downloading, after which you will be prompted to restart Firefox to complete the update. 

Firefox should be automatically set to install security updates, but if you have older versions there's no guarantee you have this setting on. 

On Windows, start Firefox. If you have a dropdown Firefox menu at the top left hand corner of the Firefox browser window, you definitely have an older version.

If you see this version, select Help and then click on 'About Firefox.'

If you have a newer version, you won't see the dropdown Firefox menu on the left, but you will see the three line 'hamburger menu' on the end right hand side on the icons to the right of the address bar and the search box.

To immediately and manually check for updates, click on the three line hamburger menu icon again, and then at the bottom of the menu, click on the 'question mark' symbol.

This brings up the help menu options, at the bottom of which is 'About Firefox'. Do this and the same checking for updates sequence will occur as with Mac OS X, showing you the version number and downloading any updates that are available, after which you will be prompted to 'Restart to Update'. 

On the PC and Mac versions of Firefox, you can also click the three line hamburger icon and you'll see menu pop-up. At the bottom is 'options', which loads the preferences/options page in 'General'. On the left hand side of the screen, you'll see a list of settings headings.

The last one is called 'Advanced', which when clicked on gives you opens the advanced settings, which includes an 'updates' heading. Click it and you should see that 'Automatically install updates (recommended: improved security)' is selected and that 'Warn me if this will disable any of my add-ons' is ticked. 

This should keep you updated automatically but if you haven't been using Firefox for a while it's a good idea to do a manual check just to be sure.

Mozilla advises that ‘the exploit leaves no trace it has been run on the local machine. If you use Firefox on Windows or Linux it would be prudent to change any passwords and keys found in the above-mentioned files if you use the associated programs. People who use ad-blocking software may have been protected from this exploit depending on the software and specific filters being used.’

For additional technical details, please visit the blog post and the security advisory.


As part of our Lead Machine Methodology we will help you get more leads, more customers and more business. Let us help you develop your digital marketing campaign

Digital Marketing is ideal in these tough times and it can replace face to face marketing with person to person marketing via the phone conference calls and webinars

Significant opportunity pipelines can be developed and continually topped up with the help of Digital Marketing so that deals can be made and deals can be closed

- Newsletter adverts in dynamic GIF slideshow formats

- News site adverts from small to large sizes also as dynamic GIF slideshow formats

- Guest Editorial - get your message out there and put your CEO in the spotlight

- Promotional News and Content - displayed on the homepage and all pages

- Leverage our proven event promotion methodology - The Lead Machine gets you leads

Contact Andrew our digital campaign designer on 0412 390 000 or via email



Security requirements such as confidentiality, integrity and authentication have become mandatory in most industries.

Data encryption methods previously used only by military and intelligence services have become common practice in all data transfer networks across all platforms, in all industries where information is sensitive and vital (financial and government institutions, critical infrastructure, data centres, and service providers).

Get the full details on Layer-1 encryption solutions straight from PacketLight’s optical networks experts.

This white paper titled, “When 1% of the Light Equals 100% of the Information” is a must read for anyone within the fiber optics, cybersecurity or related industry sectors.

To access click Download here.


Alex Zaharov-Reutt

One of Australia’s best-known technology journalists and consumer tech experts, Alex has appeared in his capacity as technology expert on all of Australia’s free-to-air and pay TV networks on all the major news and current affairs programs, on commercial and public radio, and technology, lifestyle and reality TV shows. Visit Alex at Twitter here.



Recent Comments