Security Alert (A15-08-01): Vulnerability in Firefox


 

Published on: 07 August 2015

  
  

Description:

Mozilla has published a security advisory to address a vulnerability found in Firefox. This vulnerability is caused by a problem that allows violation of the same origin policy to read local files. A remote attacker could entice a user to open a web page with specially crafted content to exploit the vulnerability.


Reports indicate that the vulnerability is being actively exploited in the wild.

Affected Systems:

  • Firefox prior to version 39.0.3
  • Firefox ESR 38.x prior to version 38.1.1

Impact:

A successful attack could lead to bypass of security restrictions and information disclosure.


Recommendation:

Mozilla has released new versions of the products to address the issue and they can be downloaded at the following URLs:

  • Firefox 39.0.3 for Windows, Macintosh and Linux
    https://download.mozilla.org/?product=firefox-39.0.3-SSL&os=win
    https://download.mozilla.org/?product=firefox-39.0.3-SSL&os=osx
    https://download.mozilla.org/?product=firefox-39.0.3-SSL&os=linux

  • Firefox ESR 38.1.1 for Windows, Macintosh and Linux
    https://download.mozilla.org/?product=firefox-38.1.1esr-SSL&os=win
    https://download.mozilla.org/?product=firefox-38.1.1esr-SSL&os=osx
    https://download.mozilla.org/?product=firefox-38.1.1esr-SSL&os=linux

Users of affected systems should follow the recommendations provided by the product vendor and take immediate actions to mitigate the risk.


More Information:

https://www.mozilla.org/en-US/security/advisories/
https://www.mozilla.org/en-US/security/advisories/mfsa2015-78/
https://www.us-cert.gov/ncas/current-activity/2015/08/06/Mozilla-Releases-Security-Updates-Firefox-and-Firefox-ESR
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-4495



Tag: Firefox , Mozilla
Tags