A bug in Firefox allows hackers to steal files from your hard drive

Mozilla announced in a security-related blog post last night that a Firefox user in Russia has discovered a bug in the web browser that allows hackers to steal sensitive files from your computer. The good news is that most Firefox users don’t have to worry about the bug because the files that are being targeted are “surprisingly developer focused,” and to top it all off, Mozilla already has a patch for the bug so make sure your restart your browser so it can install. 

Mozilla is urging all Firefox users to update their browser following the discovery of a file-stealing exploit. A user in Russia this week found and disclosed a bug that searches for sensitive files and uploads them to a remote server. A day later, Mozilla released security updates to Firefox 39.0.3 that patch the vulnerability. The fix has also been shipped to Firefox ESR 38.1.1. To update your browser to the latest version, open the menu button (the three lines in the upper right corner), click help (the question mark at the bottom), and select “About Firefox.” A pop-up window will automatically check for and download updates; if you’re running a version below 39.0.3, be sure to click “Restart Firefox to Update.” The exploit, first spotted on a Russian news site, was made possible by an error in the interaction between JavaScript context separation and the browser’s PDF Viewer. Windows and Linux users should definitely install the update; Macs were not affected, but could certainly benefit from the latest version.