Mozilla has published a blog post explaining that a Firefox exploit is running in the wild that can search for and upload files from your computer — but you can install an update to solve the problem right now.
Mozilla expalins that the vulnerability “comes from the interaction of the mechanism that enforces JavaScript context separation (the “same origin policy”) and Firefox’s PDF Viewer” That means that software without the PDF Viewer, like Firefox for Android, isn’t affected — but desktop versions are. The exploit, which seems to use a server in Ukraine, injects JavaScript to search your computer and potentially upload files. It leaves no trace on a computer to suggest that anything has happened.
But don’t panic! Firefox has already released security updates to fix it. That means you should update to Firefox 39.0.3 right now.
[Mozilla]
Picture: Håkan Dahlström