Mozilla yesterday updated its Firefox browser to patch a zero-day vulnerability being used to harvest passwords on Windows and Linux machines.

The update, Firefox 39.0.3, was released about 24 hours after Mozilla engineers heard of the flaw.

"A Firefox user informed us that an advertisement on a news site in Russia was serving a Firefox exploit that searched for sensitive files and uploaded them to a server that appears to be in Ukraine," Daniel Veditz, a security lead at Mozilla, wrote on a company blog.

A Guy