KLA10642
Obtain sensitive information vulnerability in Mozilla Firefox and Firefox ESR
Обновлено: 17/06/2019
Дата обнаружения
06/08/2015
Уровень угрозы
Warning
Описание

An unspecified vulnerability was found in Mozilla Firefox. By exploiting this vulnerability malicious users can obtain sensitive information. This vulnerability can be exploited remotely via vectors related ti PDF viewer.


Technical details

There are way to bypass same origin policy and inject script into a non-privileged part of the PDF Viewer. In case of exploitation malicious can steal sensitive local files (potentially private ssh keys and some popular config files). Some of people who using adblock may have been protected.

Пораженные продукты

Mozilla Firefox versions earlier than 39.0.3
Mozilla Firefox ESR versions earlier than 38.1.1

Решение

Update to the latest version and keep watch your passwords and configurations
Get Mozilla Firefox

Первичный источник обнаружения
Mozilla advisory
Оказываемое влияние
?
OSI 
[?]

RLF 
[?]
Связанные продукты
Mozilla Firefox
Mozilla Firefox ESR
CVE-IDS
CVE-2015-44954.3Warning