Mozilla Issues Fix For Firefox Zero-Day Bug

An anonymous reader writes: Thursday night Mozilla released a Firefox security patch after finding a serious vulnerability that allows malicious attackers to upload files from a user's computer. The update was released about 24 hours after Mozilla learned of the flaw. In a blog post, Mozilla said, "a Firefox user informed us that an advertisement on a news site in Russia was serving a Firefox exploit that searched for sensitive files and uploaded them to a server that appears to be in Ukraine. This morning Mozilla released security updates that fix the vulnerability. All Firefox users are urged to update to Firefox 39.0.3. The fix has also been shipped in Firefox ESR 38.1.1."

Re:External PDF viewer?

[U2xhc2hkb3QgU3Vja3M]

Why does a Web browser have a built-in PDF viewer in the first place?

A PDF file is an external document not meant to be viewed inside a browser. Or is Firefox also planning to add a Microsoft Word viewer, an Apple Keynote viewer, etc?

Re:External PDF viewer?

[ShaunC]

You can go to about:config and set the value for pdfjs.disabled to true, or create that setting (boolean type) if it doesn't exist. That'll cause Firefox to pop up a download dialog when you click a PDF link, and you can use something like Sumatra to open the file.