Security researcher Cody Crews discovered a malicious advertisement on a Russian news site that steals local files from a system and uploads them to a Ukrainian server without the user ever knowing. The exploit does not execute any arbitrary code but injects a JavaScript payload into the local file context, allowing the script to search for and upload potentially user’s sensitive local files. Mac users are currently safe from this exploit, but researcher warned that another payload could potentially exploit the same vulnerability to target Mac systems. Users are recommended to update browsers to Firefox 39.0.3 to protect against the exploit.
Source: https://thehackernews.com/2015/08/mozilla-firefox-update-download.html