it.ucsf.edu

Security Update:Critical Vulnerability in Firefox That Could Allow an Attacker to Read/Steal Sensitive Files

Status Type

Security Update

Date and Time

Friday, August 7, 2015 - 15:59

Reason

Security Update

Impact

Firefox and Firefox ESR users

 

WHAT HAPPENED?

The Mozilla Foundation has released security updates to address a critical vulnerability in the built-in PDF Viewer for Firefox and Firefox ESR.

Mozilla classifies a critical vulnerability when no user interaction beyond normal browsing is required to exploit vulnerabilities.

Advanced Users: For a complete description of the security enhancement and affected software refer to Mozilla Foundation Security Advisory 2015-78 at https://www.mozilla.org/en-US/security/advisories/mfsa2015-78/.

 

AFFECTED SYSTEMS:

  • Firefox 39.0.2 and below
  • Firefox ESR 38.1.0 and below
  • Firefox OS 2.1 and below

 

WHAT'S THE PROBLEM?

Exploitation of the vulnerability may allow an attacker to read and steal sensitive local files on the victim's computer.
 

HOW DO I PROTECT MY COMPUTER?

Update your software

  1. If you are supported by ITFS or have different IT support, no action on your part is required.
  2. If you do not have IT support or they do not support your computer, Firefox is setup by default to auto update.

 

RELATED LINKS