Vulnerability in Mozilla Firefox web browser is exploited in-the-wild

On the Mozilla security blog, there was information about detected cyber attacks on users using the zero-day vulnerability in the Firefox web browser. In this regard, the Mozilla Foundation Security Advisory 2015-78 security notice (MFSA2015-78) was also published. The vulnerability itself ( Same origin violation and local file stealing via PDF reader ) does not allow attackers to remotely execute the code in the user's system, however, it allows them to launch a malicious script for execution and steal information from the user's computer with it.



The vulnerability is related to the PDF Viewer plugin embedded in the web browser, so the OS for which Firefox ships without this plug-in (for example Android) does not affect this vulnerability. Today, the company has released an update that closes this vulnerability. Users should update the web browser.