deepceleron (OP)
Legendary
Offline
Activity: 1512
Merit: 1036
|
|
August 08, 2015, 03:51:18 PM |
|
Firefox 39.0.3 was released and fixes a huge 0-day flaw in the built-in PDF reader that allows a site to steal files from a PC - for you this means wallet files.
"The vulnerability comes from the interaction of the mechanism that enforces JavaScript context separation (the “same origin policy”) and Firefox’s PDF Viewer. Mozilla products that don’t contain the PDF Viewer, such as Firefox for Android, are not vulnerable. The vulnerability does not enable the execution of arbitrary code but the exploit was able to inject a JavaScript payload into the local file context. This allowed it to search for and upload potentially sensitive local files".
https://blog.mozilla.org/security/2015/08/06/firefox-exploit-found-in-the-wild/
It was found in ads on a news site that actively searched for and stole FTP client and account information along with bash history and scripts. It is as easy to imagine drive-bys taking wallet files or anything the user can access. The exact mechanism is not detailed without having access to the CVE. Mitigations such as moving or renaming the wallet file may not be effective, as searching for files is possible. Disabling the built-in PDF reader via about:config may not be effective either, so update.
|
|
|
|
|Bitcoin|
|
|
August 08, 2015, 03:58:05 PM |
|
I use Chrome so there is no need to worry. Even if I use Firefox I have my wallet on my phone. Nothing to worry for me.
|
|
|
|
linkgostar
Newbie
Offline
Activity: 2
Merit: 0
|
|
August 08, 2015, 04:08:08 PM |
|
I used Chrome too. Anyway, thanks for this news.
|
|
|
|
mindrust
Legendary
Offline
Activity: 3402
Merit: 2509
|
|
August 08, 2015, 04:09:00 PM |
|
Thanks for letting us know that you are safe against this exploit, @|Bitcoin|. Be safe.
As a 39.0 user, thanks to the original poster for letting me know. I'll update right away.
|
|
|
|
Cryptock
|
|
August 08, 2015, 04:10:20 PM |
|
Holy crap. Thanks for the heads up
|
|
|
|
countryfree
Legendary
Offline
Activity: 3066
Merit: 1047
Your country may be your worst enemy
|
|
August 08, 2015, 05:16:37 PM |
|
Thanks for the info, but my Firefox is tuned for auto updates, so there's no risk. One nice Firefox feature is that it allows profiles. I have one profile dedicated to BTC, banking and online shopping, which I'm not using now. That helps make my computer a bit more secure. I keep on thinking Firefox is the best browser around. And I'm not sharing anything with Google.
|
I used to be a citizen and a taxpayer. Those days are long gone.
|
|
|
unamis76
Legendary
Offline
Activity: 1512
Merit: 1012
|
|
August 08, 2015, 05:25:57 PM |
|
I've read this before and immediately pictured my empty wallet files on my desktop being stolen. Anyways, I'm on Chrome. But I'm also worried as it might have the same or a similar exploit. I hope it is discovered if it's there... Good thing they promptly corrected the issue after being discovered.
|
|
|
|
White sugar
Legendary
Offline
Activity: 1232
Merit: 1005
|
|
August 08, 2015, 10:16:13 PM |
|
Just use NoScript and you will be fine.
Also, is this for all OSes that have the reader or just some?
|
|
|
|
rokkyroad
Legendary
Offline
Activity: 1090
Merit: 1000
|
|
August 08, 2015, 11:26:57 PM |
|
Linux users can use Firejail to further protect themselves. Firejail sandboxes browsers and others. https://l3net.wordpress.com/projects/firejail/
|
" If you have to spam and shout to justify your existence then you are a shit coin." TaunSew
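The Firejail suggestion above, worked through as an added example (not code from the post or from the Firejail project): a POSIX shell wrapper that starts Firefox under Firejail with one `--blacklist=` option per sensitive path, so the kinds of files the thread worries about (wallet directories, bash history, FTP client settings) are inaccessible inside the sandbox. The path list is an assumption about typical locations and should be edited for your system.

```shell
#!/bin/sh
# Added example: hide wallet and credential files from a sandboxed Firefox.

# Paths to hide, one per line. These are assumed typical locations
# (constructed for illustration); edit the list to match your system.
sensitive_paths() {
  cat <<EOF
$HOME/.bitcoin
$HOME/.electrum
$HOME/.bash_history
$HOME/.ssh
$HOME/.config/filezilla
EOF
}

# Read paths on stdin and print one --blacklist=PATH option per line,
# skipping paths that do not exist on this machine.
blacklist_args() {
  while IFS= read -r p; do
    if [ -e "$p" ]; then
      printf -- '--blacklist=%s\n' "$p"
    fi
  done
  return 0
}

# Launch Firefox under Firejail with the listed paths blacklisted.
# The body runs in a subshell so the IFS and globbing changes do not leak.
# Limitation: paths containing newlines are not supported.
sandboxed_firefox() (
  opts=$(sensitive_paths | blacklist_args)
  IFS='
'
  set -f                      # no globbing while $opts is split on newlines
  # shellcheck disable=SC2086 # word splitting of $opts is intended here
  exec firejail $opts firefox "$@"
)

# Usage (not run automatically): sandboxed_firefox https://example.org
```

Options passed on the command line are applied on top of whatever profile Firejail loads for Firefox, so this narrows what the browser can read rather than replacing the default sandbox.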
|
|
|
Xian01
Legendary
Offline
Activity: 1652
Merit: 1067
Christian Antkow
|
|
August 08, 2015, 11:28:45 PM |
|
I've read this before and immediately pictured my empty wallet files on my desktop being stolen
LPT: Ensure that your wallet is encrypted with a redonkulously long password.
|
|
|
|
Superhitech
Legendary
Offline
Activity: 1064
Merit: 1000
|
|
August 08, 2015, 11:37:38 PM |
|
Thanks for the heads up, updated my Firefox.
|
|
|
|
Foxpup
Legendary
Offline
Activity: 4508
Merit: 3180
Vile Vixen and Miss Bitcointalk 2021-2023
|
|
August 09, 2015, 02:11:47 AM |
|
just use noscript and you will be fine
No, you won't. The PDF viewer script is internal to Firefox and is not blocked by NoScript. Please don't post dangerous false information for the sake of your signature campaign.
|
Will pretend to do unspeakable things (while actually eating a taco) for bitcoins: 1K6d1EviQKX3SVKjPYmJGyWBb1avbmCFM4
I am not on the scammers' paradise known as Telegram! Do not believe anyone claiming to be me off-forum without a signed message from the above address! Accept no excuses and make no exceptions!
|
|
|
Holliday
Legendary
Offline
Activity: 1120
Merit: 1012
|
|
August 09, 2015, 05:25:41 AM |
|
If you store bitcoin private keys on a computer which is also used to browse the web (or even connected to the internet for that matter), you are probably going to have a bad time.
|
If you aren't the sole controller of your private keys, you don't have any bitcoins.
|
|
|
LiteCoinGuy
Legendary
Offline
Activity: 1148
Merit: 1014
In Satoshi I Trust
|
|
August 09, 2015, 07:41:27 AM |
|
If you store bitcoin private keys on a computer which is also used to browse the web (or even connected to the internet for that matter), you are probably going to have a bad time.
Yeah, you should not store everything in a hot wallet on your PC. You could use a hardware wallet: https://bitcointalk.org/index.php?topic=899253.0
|
|
|
|
|