Mozilla Security · Aug 7, 2015 · 6:26 AM UTC

Mozilla Security

Mozilla Security @mozsec

7 Aug 2015

Yesterday, we learned of an ad-based exploit that stole SSH keys and FTP passwords. Today, Firefox 39.0.3 has a fix. blog.mozilla.org/security/20…

Firefox exploit found in the wild – Mozilla Security Blog

Yesterday morning, August 5, a Firefox user informed us that an advertisement on a news site in Russia was serving a Firefox exploit that searched for sensitive files and uploaded ...

blog.mozilla.org

380

139

Jesse Ruderman · Aug 7, 2015 · 7:29 AM UTC

Jesse Ruderman @jruderman

7 Aug 2015

.@mozsec It's time for Firefox to treat ad iframe as if they had the “sandbox” attribute, and ad script tags as XSS attacks.

Jesse Ruderman · Aug 7, 2015 · 8:02 AM UTC

Jesse Ruderman @jruderman

7 Aug 2015

Meanwhile, the ad industry wants to extend <iframe> so it can cover the page and read everything other than your pw: iab.net/safeframe

Bil Corry · Aug 17, 2015 · 10:25 PM UTC

Bil Corry · Aug 17, 2015 · 10:25 PM UTC

Bil Corry @bilcorry

17 Aug 2015

Replying to @jruderman

@jruderman It must be safe, it has "safe" in the name.

Aug 17, 2015 · 10:25 PM UTC