Home » News » Security Updates for Firefox and Firefox ESR Released

Dated: August 6, 2015

Description
Mozilla has found a critical vulnerability in Firefox, Firefox ESR and  Firefox OS that violates the same origin policy and inject scripts into a non-privileged part of the built-in PDF Viewer. This allows an attacker to read and steal sensitive local files on the victim’s computer.

The problem has been fixed in the following Firefox versions
–  Firefox 39.0.3
–  Firefox ESR 38.1.1
–  Firefox OS 2.2

Recommendation
NUST CSIRT encourage users and administrators to review the Mozilla security advisory [1] for Firefox and Firefox ESR and apply necessary updates.

References
[1]. https://www.mozilla.org/en-US/security/advisories/mfsa2015-78/