A website in Russia has been caught exploiting a serious zero-day vulnerability in Mozilla's Firefox browser, prompting the open-source developer to deliver an emergency update that fixes the flaw.
The bug in a built-in PDF reader allowed attackers to steal sensitive files stored on the hard drives of computers that used the vulnerable Firefox version. The attack was used against both Windows and Linux users, Mozilla researcher Daniel Veditz wrote in a blog post published Thursday. The exploit code targeting Linux users downloaded cryptographically protected system passwords, bash command histories, secure shell (SSH) configurations and keys. The attacker downloaded several other files, including histories for MySQL and PgSQL and configurations for remina, Filezilla, and Psi+, text files that contained the strings "pass" and "access" in the names. Any shell scripts were also grabbed.
The attack targeting Windows users appeared to go after files of interest to software developers. The targeted data included subversion, s3browser, and Filezilla configurations files, .purple and Psi+ account information, and site configuration files from eight different popular FTP clients. Firefox users running Apple's OS X weren't targeted. The exploit was served in an advertisement on an undisclosed Russian news site, but Veditz said he couldn't rule out the possibility that other sites also hosted the attack. Some of those may have targeted Macs in addition to Windows and Linux.