Mozilla Firefox 39.0.3 released, fixes critical issue in the PDF reader
Mozilla Firefox 39.0.3 has been released, and it brings a fix for a security issue. I know what you may be thinking, and no, it isn’t related to another vulnerability in Adobe Flash Player.
The change log for the update is surprisingly short. In fact, it fixes just one issue, but it’s a rather important one, as I explain below.
Mozilla Firefox 39.0.3 patches a vulnerability in the browser’s built-in PDF reader. The issue was reported to Mozilla by security researcher Cody Crews. The security hole reportedly allows an attacker to exploit the same origin policy to inject a malicious script into the PDF viewer.
The issue has been flagged as a critical one, and this is what the release note states about the severity of the issue:
This would allow an attacker to read and steal sensitive local files on the victim’s computer.
This vulnerability affects both the Stable channel of Firefox as well as the ESR channel (Extended Support Release). It has been fixed in Mozilla Firefox 39.0.3 and Firefox ESR 38.1.1.
Even though Mozilla has posted a change log for Firefox 39.0.3, at the time of writing this article the browser maker has not made the standalone installer for the most recent version of Firefox available on its downloads page. This could be a hurdle for those wishing to update multiple copies of Firefox at once.
So, the only way to get the latest version is to use the built-in updater tool in Firefox. If you haven’t changed the way Firefox updates are delivered, the new version will automatically be installed on your computer.
If you did change it, you should manually check for updates. To do so, click on the Firefox Menu icon (hamburger menu) in the top right corner, then on the ?, which takes you to the Help section. Click on the last option which says “About Firefox”. The browser should check for updates, and offer to install Firefox 39.0.3.
It’s just a 5MB update which patches Mozilla Firefox 39.0 to 39.0.3. Once it has been downloaded, Firefox will patch to the new version automatically. However, you will need to restart Firefox for the installation to complete. If you have open tabs, you can close the window to postpone it, but I strongly advise you to save your browsing session and update to it ASAP.
We can expect Mozilla to release another update for Firefox (version 40) next week, around 11th August, if the browser maker sticks to its Calendar.
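For anyone looking after multiple copies of Firefox, the fixed versions named above (39.0.3 on the Stable channel, 38.1.1 on ESR) can be checked against a list of installed versions. The script below is an added example, not something published by Mozilla or part of the original article; the host names and inventory rows are constructed, and it assumes ESR builds carry an "esr" suffix in their version string and that anything older than the fixed build on a channel still needs the update.

```python
import re

# Fixed versions stated in the article, per channel.
FIXED = {"release": (39, 0, 3), "esr": (38, 1, 1)}

# Dotted version number, optionally followed by "esr" (assumed ESR marker).
_VERSION_RE = re.compile(r"(\d+(?:\.\d+){0,3})(esr)?", re.IGNORECASE)


def parse_version(text):
    """Return (channel, version_tuple) from e.g. 'Mozilla Firefox 38.1.0esr'."""
    match = _VERSION_RE.search(text)
    if not match:
        raise ValueError("no version number in %r" % text)
    parts = tuple(int(p) for p in match.group(1).split("."))
    parts += (0,) * (3 - len(parts))  # pad 39.0 -> (39, 0, 0)
    channel = "esr" if match.group(2) else "release"
    return channel, parts


def needs_update(version_string):
    """True if the version is older than the fixed build for its channel."""
    channel, version = parse_version(version_string)
    return version < FIXED[channel]


def audit(inventory):
    """Return sorted host names that still need the PDF reader fix."""
    flagged = []
    for host, version_string in inventory:
        try:
            if needs_update(version_string):
                flagged.append(host)
        except ValueError:
            flagged.append(host)  # unreadable version: check by hand
    return sorted(flagged)


# Constructed sample inventory: (host name, reported version string).
SAMPLE = [
    ("ws-01", "Mozilla Firefox 39.0"),
    ("ws-02", "Mozilla Firefox 39.0.3"),
    ("ws-03", "Mozilla Firefox 38.1.0esr"),
    ("ws-04", "Mozilla Firefox 38.1.1esr"),
    ("ws-05", "Mozilla Firefox 38.0.5"),
    ("ws-06", "unknown"),
]

if __name__ == "__main__":
    for host in audit(SAMPLE):
        print(host, "needs the update")
```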