Arch Linux Security Advisory ASA-201508-1
=========================================
Severity: Critical
Date    : 2015-08-07
CVE-ID  : CVE-2015-4495
Package : firefox
Type    : information leakage
Remote  : Yes
Link    : https://wiki.archlinux.org/title/CVE

Summary
=======
The package firefox before version 39.0.3-1 is vulnerable to local file
stealing.

Resolution
==========
Upgrade to 39.0.3-1.

# pacman -Syu "firefox>=39.0.3-1"

The problem has been fixed upstream in version 39.0.3.

Workaround
==========
This issue can be mitigated by disabling the built-in PDF viewer, PDF.js.

This can be done by typing about:config in the address bar, pressing
Enter, looking for the pdfjs.disabled value and setting it to True by
right-clicking on the line and left-clicking "Toggle". Note that
accessing the about:config page might trigger a "This might void your
warranty!" warning, easily dismissed by clicking on the "I'll be
careful, I promise!" button.
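
To check both the resolution and the workaround on a host, the script below is an added example, not part of the original advisory or of Arch tooling. It assumes profiles live under ~/.mozilla/firefox (or a root passed as the first argument) and that pacman's vercmp helper is installed; the function names are illustrative.

```shell
#!/bin/sh
# Added example: audit a host for ASA-201508-1 (not part of the advisory).
FIXED="39.0.3-1"   # fixed package version stated in the advisory

# Print the effective pdfjs.disabled value for one profile directory:
# "true", "false", or "unset" (unset means PDF.js is still enabled).
# user.js is applied over prefs.js at startup, so it is read last.
pdfjs_pref() {
    val=unset
    for f in "$1/prefs.js" "$1/user.js"; do
        [ -f "$f" ] || continue
        v=$(sed -n 's/^[[:space:]]*user_pref("pdfjs\.disabled",[[:space:]]*\([a-z]*\)[[:space:]]*);.*/\1/p' "$f" | tail -n 1)
        [ -z "$v" ] || val=$v
    done
    echo "$val"
}

# List profiles under root $1 where the workaround is not set.
# Only directories containing prefs.js are treated as profiles.
unmitigated_profiles() {
    for p in "$1"/*/; do
        [ -f "${p}prefs.js" ] || continue
        [ "$(pdfjs_pref "${p%/}")" = true ] || echo "${p%/}"
    done
}

# Exit 0 if the installed firefox package is older than $FIXED, 1 if not,
# 2 if it cannot be checked (pacman, vercmp or the package is missing).
firefox_is_vulnerable() {
    command -v pacman >/dev/null 2>&1 || return 2
    command -v vercmp >/dev/null 2>&1 || return 2
    installed=$(pacman -Q firefox 2>/dev/null | awk '{print $2}')
    [ -n "$installed" ] || return 2
    [ "$(vercmp "$installed" "$FIXED")" -lt 0 ]
}

rc=0; firefox_is_vulnerable || rc=$?
case $rc in
    0) echo "firefox is older than $FIXED: upgrade" ;;
    1) echo "firefox is at $FIXED or newer" ;;
    *) echo "firefox package version could not be checked" ;;
esac
# Profile root defaults to the usual per-user location (assumption).
unmitigated_profiles "${1:-$HOME/.mozilla/firefox}" |
    sed 's/^/pdfjs.disabled is not true in: /'
```

Run it once per user account, since each user has their own profile root.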

Description
===========
Security researcher Cody Crews reported on a way to violate the same
origin policy and inject script into a non-privileged part of the
built-in PDF Viewer. This would allow an attacker to read and steal
sensitive local files on the victim's computer.

Mozilla has received reports that an exploit based on this vulnerability
has been found in the wild.

Impact
======
A remote attacker can craft a malicious web page that steals arbitrary
files from the host running firefox.
Mozilla reports that this flaw is already exploited in the wild. At
least one exploit targets Linux: it reads /etc/passwd and then, in every
user directory it can access, looks for .bash_history, .mysql_history,
.pgsql_history, .ssh configuration files and keys, configuration files
for Remmina, Filezilla, and Psi+, text files with “pass” and “access” in
the names, and any shell scripts.

References
==========
https://blog.mozilla.org/security/2015/08/06/firefox-exploit-found-in-the-wild/
https://www.mozilla.org/en-US/security/advisories/mfsa2015-78/
https://access.redhat.com/security/cve/CVE-2015-4495
https://access.redhat.com/articles/1563163
