Critical fix for Firefox 39.0.x, Firefox ESR 38.x.x , Firefox OS 2.x

ImageNews from out there about new technologies.

It will be updated when possible.
User avatar
Juanm
Site developer
Site developer
Posts: 1084
Joined: Thursday March 25th, 2004 21h45:21
Location: Behind YOU

Critical fix for Firefox 39.0.x, Firefox ESR 38.x.x , Firefox OS 2.x

Postby Juanm » Saturday August 8th, 2015 14h41:23

Same origin violation and local file stealing via PDF reader

Announced: August 6, 2015
Reporter: Cody Crews
Impact: Critical
Products: Firefox, Firefox ESR, Firefox OS
Fixed in

Firefox 39.0.3
Firefox ESR 38.1.1
Firefox OS 2.2

Description

Security researcher Cody Crews reported on a way to violate the same origin policy and inject script into a non-privileged part of the built-in PDF Viewer. This would allow an attacker to read and steal sensitive local files on the victim's computer.

Mozilla has received reports that an exploit based on this vulnerability has been found in the wild.


Info: here https://www.mozilla.org/en-US/security/ ... sa2015-78/


Return to “Tech news”

Who is online

Users browsing this forum: CommonCrawl [Bot], Feedburner [Bot] and 1 guest