Searching
..

Click anywhere to stop

KLA10642
Obtain sensitive information vulnerability in Mozilla Firefox and Firefox ESR

Updated: 09/26/2023
Detect date
?
08/06/2015
Severity
?
Warning
Description

An unspecified vulnerability was found in Mozilla Firefox. By exploiting this vulnerability malicious users can obtain sensitive information. This vulnerability can be exploited remotely via vectors related ti PDF viewer.


Technical details

There are way to bypass same origin policy and inject script into a non-privileged part of the PDF Viewer. In case of exploitation malicious can steal sensitive local files (potentially private ssh keys and some popular config files). Some of people who using adblock may have been protected.

Affected products

Mozilla Firefox versions earlier than 39.0.3
Mozilla Firefox ESR versions earlier than 38.1.1

Solution

Update to the latest version and keep watch your passwords and configurations
Get Mozilla Firefox

Original advisories

Mozilla advisory

Impacts
?
OSI 
[?]

PE 
[?]

RLF 
[?]
Related products
Mozilla Firefox
Mozilla Firefox ESR
CVE-IDS
?
CVE-2015-44954.3Warning
Exploitation

Public exploits exist for this vulnerability.

Malware exists for this vulnerability. Usually such malware is classified as Exploit. More details.

Find out the statistics of the vulnerabilities spreading in your region