Author

Topic: Firefox users, update now, file stealing exploit found (Read 612 times)

legendary
Activity: 1148
Merit: 1014
In Satoshi I Trust
If you store bitcoin private keys on a computer which is also used to browse the web (or even connected to the internet for that matter), you are probably going to have a bad time.

yeah, you should not store everything in a hotwallet on your pc  Lips sealed

you could use a hardware wallet:

https://bitcointalksearch.org/topic/overview-bitcoin-hardware-wallets-secure-your-coins-899253
legendary
Activity: 1120
Merit: 1012
If you store bitcoin private keys on a computer which is also used to browse the web (or even connected to the internet for that matter), you are probably going to have a bad time.
legendary
Activity: 4542
Merit: 3393
Vile Vixen and Miss Bitcointalk 2021-2023
just use noscript and you will be fine
No, you won't. The PDF viewer script is internal to Firefox and is not blocked by NoScript. Please don't post dangerous false information for the sake of your signature campaign.
legendary
Activity: 1064
Merit: 1000
Thanks for the heads up, updated my firefox.  Smiley
legendary
Activity: 1652
Merit: 1067
Christian Antkow
I've read this before and immediately pictured my empty wallet files on my desktop being stolen Cheesy
LPT: Ensure that your wallet is encrypted with a redonkulously long password.
legendary
Activity: 1090
Merit: 1000
linux users can use Firejail to further protect themselves. Firejail sandboxes browsers and others.

https://l3net.wordpress.com/projects/firejail/
legendary
Activity: 1232
Merit: 1005
just use noscript and you will be fine

also is this for all OS's that have the reader or just some?
legendary
Activity: 1512
Merit: 1012
I've read this before and immediately pictured my empty wallet files on my desktop being stolen Cheesy Anyways, I'm on Chrome. But I'm also worried as it might have the same or a similar exploit. I hope it is discovered if it's there...

Good thing they promptly corrected the issue after being discovered.
legendary
Activity: 3066
Merit: 1047
Your country may be your worst enemy
Thanks for info, but my Firefox is tuned for auto updates, so there's no risk. One nice Firefox's feature is to allow profiles. I have one profile dedicated to BTC, banking and online shopping, which I'm not using now. That helps make my computer a bit more secure. I keep on thinking Firefox is the best browser around. And I'm not sharing anything with Google.
hero member
Activity: 1792
Merit: 507
Holy crap. Thanks for the heads up
legendary
Activity: 3276
Merit: 2442
Thanks for letting us know that you are safe against this exploit,  @|Bitcoin| . Be safe.

As a 39.0 user, thanks to the original poster for letting me know. I'll update right away.
newbie
Activity: 2
Merit: 0
i used chrome too. anyway thank for this News
sr. member
Activity: 320
Merit: 250
I use chrome so there is no need to worry.  Even if I use firefox I have my wallet on my phone. Nothing to worry for me.
legendary
Activity: 1512
Merit: 1036
Firefox 39.0.3 was released and fixes a huge 0-day flaw in the built in PDF reader that allows a site to steal files from a PC - for you this means wallet files.

"The vulnerability comes from the interaction of the mechanism that enforces JavaScript context separation (the “same origin policy”) and Firefox’s PDF Viewer. Mozilla products that don’t contain the PDF Viewer, such as Firefox for Android, are not vulnerable. The vulnerability does not enable the execution of arbitrary code but the exploit was able to inject a JavaScript payload into the local file context. This allowed it to search for and upload potentially sensitive local files".

https://blog.mozilla.org/security/2015/08/06/firefox-exploit-found-in-the-wild/

It was found in ads on a news site that actively searched for and stole FTP client and account information along with bash history and scripts. It is as easy to imagine drive-bys taking wallet files or anything the user can access.

The exact mechanism is not detailed without having access to the CVE. Mitigations such as moving or renaming the wallet file may not be effective, as searching for files is possible. Disabling the built-in PDF reader via about:config may not be effective either, so update.
Jump to: