KLA10642
Obtain sensitive information vulnerability in Mozilla Firefox
Updated: 08/12/2015
CVSS
?
4.3
Detect date
?
08/06/2015
Severity
?
Warning
Description

An unspecified vulnerability was found in Mozilla Firefox. By exploiting this vulnerability malicious users can obtain sensitive information. This vulnerability can be exploited remotely via vectors related ti PDF viewer.

Technical details

There are way to  bypass same origin policy and inject script into a non-privileged part of the PDF Viewer. In case of exploitation malicious can steal sensitive local files (potentially private ssh keys and some popular config files). Some of people who using adblock may have been protected.

Affected products

Mozilla Firefox versions earlier than 39.0.3
Mozilla Firefox ESR versions earlier than 38.1.1

Solution

Update to the latest version and keep watch your passwords and configurations
Get Mozilla Firefox

Original advisories

Mozilla advisory

Impacts
?
RLF 
[?]

OSI 
[?]
Related products
Mozilla Firefox ESR
Mozilla Firefox
CVE-IDS
?

CVE-2015-4495