Yesterday, someone noticed that an ad from a Russian news site was exploiting a serious vulnerability in the Firefox browser. According to a Mozilla security post, the attacker was able to bypass the browser's "origin policy" (its front line of security), inject a malicious javascript script and download sensitive local files to a server in the Ukraine. Mozilla said the attack was "surprisingly developer-focused for an exploit launched a general audience news site," because it hunted browser and FTP configuration files. It added that the "exploit leaves no trace that it has run on the local machine."

http://www.engadget.com/2015/08/07/f...-flaw-patched/