Mozilla has released a security update for a vulnerability in their Firefox web browser. The vulnerability comes from the interaction of the mechanism that enforces JavaScript context separation (the “same origin policy”) and Firefox’s PDF Viewer. Mozilla products that don’t contain the PDF Viewer, such as Firefox for Android, are not vulnerable. The vulnerability does not enable the execution of arbitrary code but the exploit was able to inject a JavaScript payload into the local file context. This allowed it to search for and upload potentially sensitive local files.

To manually update Firefox:

1. Click the menu button , click help and select About Firefox. On the menu bar click the Firefox menu and select About Firefox.
2. The About Firefox window will open and Firefox will begin checking for updates and downloading them automatically.

   

3. When the updates are ready to be installed, click Restart to UpdateRestart Firefox to Update.