Firefox 39.03 - pdf.js Same Origin Policy Exploit

Exploit for multiple platform in category local exploits / Exploit Title: Firefox CVE-2015-4495 Test Run the index.html Make sure the main.js is in the same directory and we should be able to see the directory listing. 3. Solution Upgrade to the latest firefox 39.0.3 / var starttimeout=2000; var...

Mozilla Firefox < 39.03 - 'pdf.js' Same Origin Policy

/ Exploit Title: Firefox CVE-2015-4495 Test Run the index.html Make sure the main.js is in the same directory and we should be able to see the directory listing. 3. Solution Upgrade to the latest firefox 39.0.3 / var starttimeout=2000; var sandboxcontexti=null; var DIRCACHE=; var FILECACHE=; var...

Firefox PDF.js Browser File Theft

This module abuses an XSS vulnerability in versions prior to Firefox 39.0.3, Firefox ESR 38.1.1, and Firefox OS 2.2 that allows arbitrary files to be stolen. The vulnerability occurs in the PDF.js component, which uses Javascript to render a PDF inside a frame with privileges to read local files...

Scientific Linux Security Update : firefox on SL5.x, SL6.x, SL7.x i386/x86_64 (20150807)

A flaw was discovered in Mozilla Firefox that could be used to violate the same-origin policy and inject web script into a non-privileged part of the built-in PDF file viewer PDF.js. An attacker could create a malicious web page that, when viewed by a victim, could steal arbitrary files including...

CentOS Update for firefox CESA-2015:1581 centos7

Check the version of firefox SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.882239";...

CentOS Update for firefox CESA-2015:1581 centos5

Check the version of firefox SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.882241";...

firefox security update

CentOS Errata and Security Advisory CESA-2015:1581 Updated firefox packages that fix one security issue are now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System CVSS base...

Important: Red Hat Security Advisory: firefox security update

Updated firefox packages that fix one security issue are now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

The vulnerability of the Firefox ESR browser, which allows a hacker to execute arbitrary code

The vulnerability of the PDF.js module for the Firefox ESR browser is related to errors in the code. Exploiting this vulnerability allows a malicious actor to execute arbitrary code remotely, by circumventing current access restrictions...

openSUSE: Security Advisory for MozillaFirefox (openSUSE-SU-2015:1229-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Security update for MozillaFirefox, mozilla-nss (important)

MozillaFirefox was updated to version 39.0 to fix 21 security issues. These security issues were fixed: - CVE-2015-2724/CVE-2015-2725/CVE-2015-2726: Miscellaneous memory safety hazards bsc935979. - CVE-2015-2727: Local files or privileged URLs in pages can be opened into new tabs bsc935979. -...

CentOS Update for firefox CESA-2015:1207 centos5

Check the version of firefox SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.882217";...

CentOS Update for firefox CESA-2015:1207 centos7

Check the version of firefox SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.882218";...

CentOS Update for firefox CESA-2015:1207 centos6

Check the version of firefox SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.882216";...

firefox security update

CentOS Errata and Security Advisory CESA-2015:1207 Updated firefox packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Critical security impact. Common Vulnerability Scoring System CVSS bas...

CVE-2015-2743

PDF.js in Mozilla Firefox before 39.0 and Firefox ESR 31.x before 31.8 and 38.x before 38.1 enables excessive privileges for internal Workers, which might allow remote attackers to execute arbitrary code by leveraging a Same Origin Policy bypass...

Security feature bypass

PDF.js in Mozilla Firefox before 39.0 and Firefox ESR 31.x before 31.8 and 38.x before 38.1 enables excessive privileges for internal Workers, which might allow remote attackers to execute arbitrary code by leveraging a Same Origin Policy bypass...

CVE-2015-2743

PDF.js in Mozilla Firefox before 39.0 and Firefox ESR 31.x before 31.8 and 38.x before 38.1 enables excessive privileges for internal Workers, which might allow remote attackers to execute arbitrary code by leveraging a Same Origin Policy bypass...

CVE-2015-2743

CVE-2015-2743 affects Mozilla Firefox and Firefox ESR where PDF.js in the built-in PDF viewer could execute internal Worker code with elevated privileges, enabling a Same Origin Policy bypass and potential remote code execution. Affected versions include Firefox < 39.0 and Firefox ESR < 31....

Scientific Linux Security Update : firefox on SL5.x, SL6.x, SL7.x i386/x86_64 (20150703)

Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. CVE-2015-2724, CVE-2015-2725, CVE-2015-2722, CVE-2015-2727,...