A recent
blog post by Mozilla security head Daniel Veditz outlined a particularly malicious exploit that was found embedded in an advertisement on a Russian news site. The exploit, first discovered by a Firefox user, could sift through your local files and upload them to a Ukranian server, all without you knowing.
The vulnerability relied on exploiting Firefox's integrated PDF reader and, therefore, those versions which do not include the feature - the mobile version of the browser - were not affected. While the exploit did not include the execution of external code, it did allow for potentially violating users' privacy by searching through their personal files and uploading them to an external server. Additionally, once the payload was executed, all traces of the exploit were removed.
