CVE-2015-4495

A Firefox user reported that a Russian website had been exploiting a critical zero-day vulnerability in Mozilla’s browser, prompting the open-source developer to deliver an emergency update that fixes the flaw.

The attack exploited the built-in PDF reader, allowing the attackers to steal sensitive files stored on the hard drives of computers that used the vulnerable Firefox version.

The attack was used against both Windows and Linux users, Mozilla researcher Daniel Veditz wrote in a blog post published Thursday.

The exploit code targeting Linux users uploaded cryptographically protected system passwords, bash command histories, and secure shell (SSH) configurations and keys.

The attacker downloaded several other files, including histories for MySQL and PgSQL, configurations for Remmina, FileZilla, and Psi+, and text files that contained the strings “pass” and “access” in the names. Any shell scripts were also grabbed.
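As an added example (not code from Mozilla or from the original article), the following sketch inventories a home directory for the Linux file categories listed above, so a user of an affected Firefox version can see which credentials and keys to review. The concrete file and directory names, the `.txt` rule and the sample tree are assumptions chosen for illustration.

```python
import os
import tempfile

# Categories come from the article's Linux list; the concrete file and
# directory names below are assumed common defaults, not taken from the page.
FILE_NAMES = {".bash_history": "bash history", ".mysql_history": "MySQL history",
              ".psql_history": "PgSQL history"}
DIR_NAMES = {".ssh": "SSH configuration and keys", "remmina": "Remmina configuration",
             "filezilla": "FileZilla configuration", ".filezilla": "FileZilla configuration",
             "psi+": "Psi+ configuration"}


def classify(rel_path):
    """Return the article category a relative path falls under, or None."""
    parts = rel_path.split(os.sep)
    name = parts[-1].lower()
    for part in parts[:-1]:
        if part.lower() in DIR_NAMES:
            return DIR_NAMES[part.lower()]
    if name in FILE_NAMES:
        return FILE_NAMES[name]
    if name.endswith(".sh"):
        return "shell script"
    # Assumption: "text file" means a .txt name, and either string counts.
    if name.endswith(".txt") and ("pass" in name or "access" in name):
        return "text file named pass/access"
    return None


def audit(root):
    """Walk root and group matching files by category for review."""
    found = {}
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            rel = os.path.relpath(os.path.join(dirpath, fname), root)
            category = classify(rel)
            if category:
                found.setdefault(category, []).append(rel)
    return {cat: sorted(paths) for cat, paths in found.items()}


def demo():
    """Run the audit over a constructed sample tree (empty files, not real data)."""
    sample = (".bash_history", ".ssh/id_rsa", ".config/filezilla/sitemanager.xml",
              "notes/passwords.txt", "bin/deploy.sh", "photo.jpg")
    with tempfile.TemporaryDirectory() as root:
        for rel in sample:
            path = os.path.join(root, *rel.split("/"))
            os.makedirs(os.path.dirname(path), exist_ok=True)
            open(path, "w").close()
        return audit(root)
```

Calling `audit(os.path.expanduser("~"))` runs the same inventory over a real home directory; it only lists paths and never reads file contents.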

The attack targeting Windows users appeared to go after files of interest to software developers. The targeted data included Subversion, s3browser, and FileZilla configuration files, .purple and Psi+ account information, and site configuration files from eight different popular FTP clients.

Firefox users running Apple’s OS X weren’t targeted.

The exploit was served in an advertisement on an undisclosed Russian news site, but Veditz said he couldn’t rule out the possibility that other sites also hosted the attack. Some of those may have targeted Macs in addition to Windows and Linux.