Alerts This Week
Warning Icon 1 664
Alerts This Week
Warning Icon 1 664

Ubuntu: USN-2707-1 Critical: Firefox Information Exposure

Calendar Aug 07, 2015 User Avatar LinuxSecurity Advisories
1 - 2 min read
Ubuntu Large Esm H500
Topics%20covered

Topics Covered

security advisory critical software update firefox information exposure web browser ubuntu
Firefox could be made to expose sensitive information from local files. 
=========================================================================Ubuntu Security Notice USN-2707-1
August 07, 2015

firefox vulnerability
=========================================================================
A security issue affects these releases of Ubuntu and its derivatives:

- Ubuntu 15.04
- Ubuntu 14.04 LTS
- Ubuntu 12.04 LTS

Summary:

Firefox could be made to expose sensitive information from local files.

Software Description:
- firefox: Mozilla Open Source web browser

Details:

Cody Crews discovered a way to violate the same-origin policy to inject
script in to a non-privileged part of the PDF viewer. If a user were
tricked in to opening a specially crafted website, an attacker could
exploit this to read sensitive information from local files.
(CVE-2015-4495)

Update instructions:

The problem can be corrected by updating your system to the following
package versions:

Ubuntu 15.04:
  firefox                         39.0.3+build2-0ubuntu0.15.04.1

Ubuntu 14.04 LTS:
  firefox                         39.0.3+build2-0ubuntu0.14.04.1

Ubuntu 12.04 LTS:
  firefox                         39.0.3+build2-0ubuntu0.12.04.1

After a standard system update you need to restart Firefox to make
all the necessary changes.

References:
  https://ubuntu.com/security/notices/USN-2707-1
  CVE-2015-4495

Package Information:
  https://launchpad.net/ubuntu/+source/firefox/39.0.3+build2-0ubuntu0.15.04.1
  https://launchpad.net/ubuntu/+source/firefox/39.0.3+build2-0ubuntu0.14.04.1
  https://launchpad.net/ubuntu/+source/firefox/39.0.3+build2-0ubuntu0.12.04.1

Ubuntu: USN-2707-1 Critical: Firefox Information Exposure

ubuntu
Calendar Grey August 7, 2015
Dist Ubuntu Esm H88
Ubuntu Security Advisory USN-2707-1 addresses a vulnerability in Firefox that may lead to the unintended exposure of sensitive local files, prompting users to perform an update.
Firefox could be made to expose sensitive information from local files.

Summary

Topics%20covered

Topics Covered

security advisory critical software update firefox information exposure web browser ubuntu

Update Instructions

The problem can be corrected by updating your system to the following package versions: Ubuntu 15.04: firefox 39.0.3+build2-0ubuntu0.15.04.1 Ubuntu 14.04 LTS: firefox 39.0.3+build2-0ubuntu0.14.04.1 Ubuntu 12.04 LTS: firefox 39.0.3+build2-0ubuntu0.12.04.1 After a standard system update you need to restart Firefox to make all the necessary changes.

References

https://ubuntu.com/security/notices/USN-2707-1

CVE-2015-4495

Severity
critical
Lowest
Low
Medium
High
Critical

August 07, 2015

Topics%20covered

Topics Covered

security advisory critical software update firefox information exposure web browser ubuntu

Package Information

https://launchpad.net/ubuntu/+source/firefox/39.0.3+build2-0ubuntu0.15.04.1 https://launchpad.net/ubuntu/+source/firefox/39.0.3+build2-0ubuntu0.14.04.1 https://launchpad.net/ubuntu/+source/firefox/39.0.3+build2-0ubuntu0.12.04.1

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Related News

Your message here