Firefox has a new security hole, but you can already patch it

Yesterday, someone noticed that an ad from a Russian news site was exploiting a serious vulnerability in the Firefox browser. According to a Mozilla security post, the attacker was able to bypass the browser's "origin policy" (its front line of security), inject a malicious javascript script and download sensitive local files to a server in the Ukraine. Mozilla said the attack was "surprisingly developer-focused for an exploit launched a general audience news site," because it hunted browser and FTP configuration files. It added that the "exploit leaves no trace that it has run on the local machine."

The organization said the malicious scripts can affect PC and Linux computers, but not Macs. Apple users are still advised to update, though, as hackers could develop a different attack script for OS X. Luckily, the person who spotted the flaw was security researcher Cody Crews, who immediately notified Mozilla. It has patched the flaw with Firefox version 39.0.3, so now would be a good time to get it.