SecurityTracker.com
Category:   Application (Web Browser)  >   Mozilla Firefox
Vendors:   Mozilla.org
(CentOS Issues Fix) Mozilla Firefox PDF Viewer Same-Origin Bypass Lets Remote Users Obtain Potentially Sensitive Information on the Target System
SecurityTracker Alert ID:  1033231
SecurityTracker URL:  http://securitytracker.com/id/1033231
CVE Reference:   CVE-2015-4495
Date:  Aug 11 2015
Impact:   Disclosure of system information, Disclosure of user information
Fix Available:  Yes
Vendor Confirmed:  Yes
Version(s): prior to 39.0.3
Description:   A vulnerability was reported in Mozilla Firefox. A remote user can obtain files from the target user's system.

A remote user can create specially crafted content that, when loaded by the target user, bypasses the same-origin policy and injects arbitrary JavaScript into the built-in PDF Viewer. The injected script runs in the local file context and can access files on the target user's system with the privileges of the target user.

This vulnerability is being actively exploited.

Cody Crews reported this vulnerability.

Impact:   A remote user can obtain files on the target user's system.
Solution:   CentOS has issued a fix.


Cause:   Access control error
Underlying OS:  Linux (CentOS)
Underlying OS Comments:  5, 6, 7

Message History:   This archive entry is a follow-up to the message listed below.
Aug 7 2015 Mozilla Firefox PDF Viewer Same-Origin Bypass Lets Remote Users Obtain Potentially Sensitive Information on the Target System



 Source Message Contents

Subject:  [CentOS-announce] CESA-2015:1581 Important CentOS 5 firefox Security Update


CentOS Errata and Security Advisory 2015:1581 Important

Upstream details at : https://rhn.redhat.com/errata/RHSA-2015-1581.html

The following updated files have been uploaded and are currently 
syncing to the mirrors: ( sha256sum Filename ) 

i386:
c7d0fc6c649bb5e2f41db2ea6f80b52789ddfafc643e59984bdeca42b7608b76  firefox-38.1.1-1.el5.centos.i386.rpm

x86_64:
c7d0fc6c649bb5e2f41db2ea6f80b52789ddfafc643e59984bdeca42b7608b76  firefox-38.1.1-1.el5.centos.i386.rpm
dc5d13d355ac83ee3dd3afb1dbcf0a6ded74be68500d09a869555dad0c609b55  firefox-38.1.1-1.el5.centos.x86_64.rpm

Source:
31f07cce830004db1f142096cc5467d943ba949ddff06b9c429dee78c1c6ece5  firefox-38.1.1-1.el5.centos.src.rpm



-- 
Johnny Hughes
CentOS Project { http://www.centos.org/ }
irc: hughesjr, #centos@irc.freenode.net


Copyright 2021, SecurityGlobal.net LLC