Mozilla urges users to update Firefox with file stealing exploit in wild

Firefox 39.0.3 was released [yesterday] to fix a CRITICAL issue with Firefox's built-in PDF reader, which could "allow an attacker to read and steal sensitive local files on the victim's computer".

Any files encountered by the payload are uploaded to a server reportedly in Ukraine.

"The exploit leaves no trace it has been run on the local machine," said Veditz. "If you use Firefox on Windows or Linux it would be prudent to change any passwords and keys found in the above-mentioned files if you use the associated programs."

http://www.zdnet.com/article/mozilla-urges-users-to-update-firefox-with-file-stealing-exploit-in-wild/

https://www.mozilla.org/en-US/security/advisories/mfsa2015-78/