Mozilla is urging all Firefox users to update their browser following the discovery of a file-stealing exploit.

A user in Russia this week found and disclosed a bug that searches for sensitive files and uploads them to a remote server.

A day later, Mozilla released security updates(Opens in a new window) to Firefox 39.0.3 that patch the vulnerability. The fix has also been shipped to Firefox ESR 38.1.1.

To update your browser to the latest version, open the menu button (the three lines in the upper right corner), click help (the question mark at the bottom), and select “About Firefox.” A pop-up window will automatically check for and download updates; if you’re running a version below 39.0.3, be sure to click “Restart Firefox to Update.”

The exploit, first spotted on a Russian news site, was made possible by an error in the interaction between JavaScript context separation and the browser’s PDF Viewer. Windows and Linux users should definitely install the update; Macs were not affected, but could certainly benefit from the latest version.

PC users shouldn’t panic, though. According to Veditz, the files targeted by the exploit were “surprisingly developer focused” for a general-audience news site—”of course we don’t know where else the malicious ad might have been deployed,” he added.

Since the exploit leaves no trace, Windows and Linux users are also encouraged to change any passwords and keys found in specific files and associated programs (see Mozilla’s blog(Opens in a new window) for more details).

Recommended by Our Editors

Mozilla Irked by Windows 10 Defaults

Meanwhile, products like Firefox for Android—which run without PDF Viewer—are not vulnerable, Mozilla said. Ad-blocking software may also have protected users, depending on the filters being used.

For more, see 14 Hidden Firefox Functions for Browsing Like a Boss in the slideshow above.