Mozilla has posted a warning about a Firefox vulnerability that is currently being actively exploited on the net. “The vulnerability comes from the interaction of the mechanism that enforces JavaScript context separation (the ‘same origin policy’) and Firefox’s PDF Viewer. Mozilla products that don’t contain the PDF Viewer, such as Firefox for Android, are not vulnerable. The vulnerability does not enable the execution of arbitrary code but the exploit was able to inject a JavaScript payload into the local file context. This allowed it to search for and upload potentially sensitive local files.” There is a security update for the problem.
Read more at LWN
