Tuesday morning, a user identified a vulnerability on Mozilla Firefox that has the ability to search for sensitive PDF files and upload them to a server that is noted to be in the Ukraine. The exploit was first delivered by an advertisement on a news site originating in Russia. As of right now it can be delivered by any site that has been exploited.
Mozilla has issued security updates to solve this vulnerability. They recommend any Mozilla users to upgrade to Firefox 39.03.3 which they released on Thursday.
This particular exploit does not leave any evidence that it was there; because of this it is paramount to change any and all passwords on sensitive PDF files saved on your PC or server if you use FTP clients such as Filezilla.
The vulnerability affects both Linux and Windows, it does not affect those using Firefox mobile app for Android. Mac users are in the clear so far but Mozilla has stated that Apple’s OX is not untouchable if someone wanted to target it, and they usually do.