Security Update:Critical Vulnerability in Firefox That Could Allow an Attacker to Read/Steal Sensitive Files
Date and Time
Firefox and Firefox ESR users
The Mozilla Foundation has released security updates to address a critical vulnerability in the built-in PDF Viewer for Firefox and Firefox ESR.
Mozilla classifies a critical vulnerability when no user interaction beyond normal browsing is required to exploit vulnerabilities.
Advanced Users: For a complete description of the security enhancement and affected software refer to Mozilla Foundation Security Advisory 2015-78 at https://www.mozilla.org/en-US/security/advisories/mfsa2015-78/.
- Firefox 39.0.2 and below
- Firefox ESR 38.1.0 and below
- Firefox OS 2.1 and below
WHAT'S THE PROBLEM?
Exploitation of the vulnerability may allow an attacker to read and steal sensitive local files on the victim's computer.
HOW DO I PROTECT MY COMPUTER?
Update your software
- If you are supported by ITFS or have different IT support, no action on your part is required.
- If you do not have IT support or they do not support your computer, Firefox is setup by default to auto update.
- If you disabled auto update, refer to Mozilla Foundation Security Advisory 2015-78 at https://www.mozilla.org/en-US/security/advisories/mfsa2015-78/
- IT Security - http://it.ucsf.edu/security