Mozilla blocked access to nbc.com during the attack (as did Chrome and Facebook). BUT during that window of time before Mozilla began blocking the site, a user with the latest Fx and internal PDF turned on, may have been vulnerable. Plus, not everyone sets their browsers to block reported attack sites. It is not clear to me whether or not Mozilla blocked nbc.com regardless of the user's settings or not.
I have never allowed PDF to be read in a browser. Firefox's internal PDF is using HTML5 so I don't know if it was vulnerable or not to this exploit. Even if not.....what about the next time? I continue to download PDF to disk, scan and THEN open in Evince which is little used on Windows (works great though) so less likely to be attacked by exploits.
»
hitmanpro.wordpress.com/ ··· malware/