If you are a Firefox user, stop what you’re doing right now and update your web browser. An exploit discovered on Wednesday could potentially search your local files and upload them to a server that appears to be in Ukraine, according to a blog post Mozilla published on Thursday.
Update Your Firefox Browser to Maintain Secure System
The company strongly recommends users update to the Firefox 39.0.3 or Firefox ESR (Extended Support Release) 38.1.1.
An advertisement on an unnamed Russian general news website can use a security vulnerability to perform the search and upload without leaving any trace on your computer, according to the post.
The security bug affects Windows and Linux users; Mac users are reportedly safe, though “would not be immune,” according to the post by Mozilla lead security expert Daniel Veditz.
“The vulnerability comes from the interaction of the mechanism that enforces JavaScript context separation (the “same origin policy”) and Firefox’s PDF Viewer,” Veditz wrote. “Mozilla products that don’t contain the PDF Viewer, such as Firefox for Android, are not vulnerable.”
Veditz added that users who have ad-blocking software enabled may be unaffected.
If you aren’t on the latest version of Firefox, you can find instructions on how to update it here.