Go update Firefox. Then come back and read this story. No, really, I mean it.

A new security hole has been exposed in the Firefox browser; Mozilla has already patched it and released an update. The organization wrote in a blog post, “Yesterday morning, August 5, a Firefox user informed us that an advertisement on a news site in Russia was serving a Firefox exploit that searched for sensitive files and uploaded them to a server that appears to be in Ukraine. This morning Mozilla released security updates that fix the vulnerability. All Firefox users are urged to update to Firefox 39.0.3. The fix has also been shipped in Firefox ESR 38.1.1.”

No software is bug free – whether open source or proprietary – and there can always be security holes. The big difference comes from transparency and promptness in patching such holes. We have seen cases with Microsoft Windows and Mac OS X where the security teams informed the companies of security holes and they didn’t patch them for months – leaving such systems to be exploited. That’s not the case with open source. Here, patches are released in a matter of hours, not months or years.

As I said before, there can be bugs in any software, and in this case a bug in the built-in PDF reader allowed an attacker to read and steal ‘sensitive’ local files on a user’s computer. The attack was targeted at Linux and Windows users, leaving out Mac OS X users — this time. Just because the attacker didn’t target Mac OS X doesn’t mean Mac users shouldn’t care. The number of exploits found on Mac OS X and iOS is increasing, so it’s unwise not to update Firefox.
The attackers went after “the usual global configuration files like /etc/passwd, and then in all the user directories it can access it looks for .bash_history, .mysql_history, .pgsql_history, .ssh configuration files and keys, configuration files for remina, Filezilla, and Psi+, text files with ‘pass’ and ‘access’ in the names, and any shell scripts,” wrote Daniel Veditz of Mozilla.

In the case of Windows, attackers “looked for subversion, s3browser, and Filezilla configurations files, .purple and Psi+ account information, and site configuration files from eight different popular FTP clients,” he added.

So if you are on any of these three platforms, you must update Firefox immediately (you can finish this story later). Linux and Windows users must also change their passwords and SSH keys if they used any of these programs.

I commend Mozilla for how quickly it responded to the exploit. Compare that to Microsoft, where the company takes issue with Google ‘disclosing’ the hole after the three-month deadline passes instead of actually fixing the bug itself. Apple is no different; it takes years to patch some holes. That’s why I use open source.
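For Linux users acting on the advice to change passwords and SSH keys, this added example (not from Mozilla or the original article) lists which files in a home directory fall into the categories Veditz names, by file name only, as a rotation checklist. The application directory locations and the `.txt`/`.sh` extension checks are assumptions; the post names only the applications and the kinds of file.

```python
from pathlib import Path

# History files named in the Mozilla post (Linux side).
HISTORY_FILES = (".bash_history", ".mysql_history", ".pgsql_history")

# Assumption: common per-user locations for the applications the post
# names (SSH, Remmina, FileZilla, Psi+). The post gives no paths.
APP_DIRS = (
    ".ssh",
    ".remmina", ".config/remmina",
    ".filezilla", ".config/filezilla",
    ".config/psi+",
)


def rotation_checklist(home):
    """Return sorted paths (relative to `home`) matching the post's list.

    Only names are inspected; no file is opened or read.
    """
    home = Path(home)
    found = set()

    for name in HISTORY_FILES:
        if (home / name).is_file():
            found.add(name)

    for rel in APP_DIRS:
        base = home / rel
        if base.is_dir():
            for path in base.rglob("*"):
                if path.is_file():
                    found.add(path.relative_to(home).as_posix())

    # Top level of the home directory only.
    # Assumption: "text files" means *.txt and "shell scripts" means *.sh.
    for path in home.iterdir():
        if not path.is_file():
            continue
        lower = path.name.lower()
        is_secret_note = path.suffix == ".txt" and ("pass" in lower or "access" in lower)
        if is_secret_note or path.suffix == ".sh":
            found.add(path.name)

    return sorted(found)


if __name__ == "__main__":
    for item in rotation_checklist(Path.home()):
        print(item)
```

Every path it prints points at a credential, key, or command history to treat as exposed if the machine ran an unpatched Firefox; shell scripts are listed so any passwords embedded in them can be rotated too.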