Ubuntu: Security Advisory (USN-2707-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2015-4495

The PDF reader in Mozilla Firefox before 39.0.3, Firefox ESR 38.x before 38.1.1, and Firefox OS before 2.2 allows remote attackers to bypass the Same Origin Policy, and read arbitrary files or gain privileges, via vectors involving crafted JavaScript code and a native setter, as exploited in the...

Important: Red Hat Security Advisory: firefox security update

Updated firefox packages that fix one security issue are now available for Red Hat Enterprise Linux 5, 6, and 7. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is...

Mozilla: Same origin violation and local file stealing via PDF reader (MFSA 2015-78)

A flaw was discovered in Mozilla Firefox that could be used to violate the same-origin policy and inject web script into a non-privileged part of the built-in PDF file viewer PDF.js. An attacker could create a malicious web page that, when viewed by a victim, could steal arbitrary files including...

Updated firefox package fixes CVE-2015-4495

Updated firefox packages fix security vulnerability: Security researcher Cody Crews reported on a way to violate the same origin policy and inject script into a non-privileged part of the built-in PDF Viewer in Firefox. This would allow an attacker to read and steal sensitive local files on the...

USN-2707-1 firefox vulnerability

Cody Crews discovered a way to violate the same-origin policy to inject script in to a non-privileged part of the PDF viewer. If a user were tricked in to opening a specially crafted website, an attacker could exploit this to read sensitive information from local files. CVE-2015-4495...

Warning! Update Mozilla Firefox to Patch Critical File Stealing Vulnerability

Earlier this week, Mozilla Security researcher Cody Crews discovered a malicious advertisement on a Russian news site that steals local files from a system and upload them to a Ukrainian server without the user ever knowing. The malicious advertisement was exploiting a serious vulnerability in...

CVE-2015-4495

The PDF reader in Mozilla Firefox before 39.0.3, Firefox ESR 38.x before 38.1.1, and Firefox OS before 2.2 allows remote attackers to bypass the Same Origin Policy, and read arbitrary files or gain privileges, via vectors involving crafted JavaScript code and a native setter, as exploited in the...

firefox: local file stealing via PDF reader

Security researcher Cody Crews reported on a way to violate the same origin policy and inject script into a non-privileged part of the built-in PDF Viewer. This would allow an attacker to read and steal sensitive local files on the victim's computer. Mozilla has received reports that an exploit...

Firefox < 39.0.3 PDF Reader Arbitrary File Access (Mac OS X)

The version of Firefox installed on the remote Mac OS X host is prior to 39.0.3. It is, therefore, affected by a vulnerability in the same origin policy in which an attacker can inject script code into a non-privileged part of browser's built-in PDF reader, resulting in gaining access to sensitiv...

Firefox ESR < 38.1.1 PDF Reader Arbitrary File Access

The version of Firefox ESR installed on the remote Windows host is prior to 38.1.1. It is, therefore, affected by a vulnerability in the same origin policy in which an attacker can inject script code into a non-privileged part of browser's built-in PDF reader, resulting in gaining access to...

UBUNTU-CVE-2015-4495

The PDF reader in Mozilla Firefox before 39.0.3, Firefox ESR 38.x before 38.1.1, and Firefox OS before 2.2 allows remote attackers to bypass the Same Origin Policy, and read arbitrary files or gain privileges, via vectors involving crafted JavaScript code and a native setter, as exploited in the...

mozilla -- multiple vulnerabilities

The Mozilla Project reports: MFSA 2015-78 Same origin violation and local file stealing via PDF reader...

KLA10642 Obtain sensitive information vulnerability in Mozilla Firefox and Firefox ESR

An unspecified vulnerability was found in Mozilla Firefox. By exploiting this vulnerability malicious users can obtain sensitive information. This vulnerability can be exploited remotely via vectors related ti PDF viewer. Technical details There are way to bypass same origin policy and inject...

Same origin violation and local file stealing via PDF reader — Mozilla

Security researcher Cody Crews reported on a way to violate the same origin policy and inject script into a non-privileged part of the built-in PDF Viewer. This would allow an attacker to read and steal sensitive local files on the victim's computer...

DEBIAN-CVE-2015-3439

Cross-site scripting XSS vulnerability in the Ephox formerly Moxiecode plupload.flash.swf shim 2.1.2 in Plupload, as used in WordPress 3.9.x, 4.0.x, and 4.1.x before 4.1.2 and other products, allows remote attackers to execute same-origin JavaScript functions via the target parameter, as...

CVE-2015-3439

Cross-site scripting XSS vulnerability in the Ephox formerly Moxiecode plupload.flash.swf shim 2.1.2 in Plupload, as used in WordPress 3.9.x, 4.0.x, and 4.1.x before 4.1.2 and other products, allows remote attackers to execute same-origin JavaScript functions via the target parameter, as...

VulnCheck KEV: CVE-2015-4495

Moxilla Firefox allows remote attackers to bypass the Same Origin Policy to read arbitrary files or gain privileges...

Ubuntu 14.04 LTS : Oxide vulnerabilities (USN-2677-1)

The remote Ubuntu 14.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-2677-1 advisory. An uninitialized value issue was discovered in ICU. If a user were tricked in to opening a specially crafted website, an attacker could potentially explo...

USN-2677-1: Oxide vulnerabilities

An uninitialized value issue was discovered in ICU. If a user were tricked in to opening a specially crafted website, an attacker could potentially exploit this to cause a denial of service. CVE-2015-1270 A use-after-free was discovered in the GPU process implementation in Chromium. If a user wer...