Exetools  

Go Back   Exetools > General > General Discussion

Notices

Reply
 
Thread Tools Display Modes
  #1  
Old 08-13-2015, 13:27
TechLord TechLord is offline
Banned User
 
Join Date: Mar 2005
Location: 10 Steps Ahead of You
Posts: 786
Rept. Given: 389
Rept. Rcvd 247 Times in 112 Posts
Thanks Given: 806
Thanks Rcvd at 2,065 Times in 595 Posts
TechLord Reputation: 200-299 TechLord Reputation: 200-299 TechLord Reputation: 200-299
Exclamation A CRITICAL Firefox Vuln - Violation and local file stealing via PDF reader

Official link :

Quote:
https://www.mozilla.org/en-US/security/advisories/mfsa2015-78/
Link which explains it more simply in "english" at :

Quote:
http://www.welivesecurity.com/2015/08/11/firefox-under-fire-anatomy-of-latest-0-day-attack/
What it means for US :

If you do not update your Firefox browser to the latest version (39.0.3 as of now)
AND
if you open a malicious PDF file from some website in the embedded PDF Viewer, then it allows attackers to read and write files on local machine as well as upload them to a remote server.

ALL of us can be affected by this.

Please update your browsers to the latest version.
Reply With Quote
  #2  
Old 08-13-2015, 21:31
niculaita's Avatar
niculaita niculaita is offline
Family
 
Join Date: Jun 2011
Location: here
Posts: 1,299
Rept. Given: 932
Rept. Rcvd 87 Times in 59 Posts
Thanks Given: 3,727
Thanks Rcvd at 471 Times in 332 Posts
niculaita Reputation: 87
or reverse? if last is vulnerable and previous not?
Reply With Quote
  #3  
Old 08-14-2015, 16:04
TechLord TechLord is offline
Banned User
 
Join Date: Mar 2005
Location: 10 Steps Ahead of You
Posts: 786
Rept. Given: 389
Rept. Rcvd 247 Times in 112 Posts
Thanks Given: 806
Thanks Rcvd at 2,065 Times in 595 Posts
TechLord Reputation: 200-299 TechLord Reputation: 200-299 TechLord Reputation: 200-299
Quote:
Originally Posted by niculaita View Post
or reverse? if last is vulnerable and previous not?
Sorry, I cannot really understand what you mean...
In case, you were trying to say that maybe the newer versions would have worse vulns, then maybe you are right...

But the fact remains that it is CONFIRMED that the earlier version of thr Firefox are vulnerable and that the FIX is only provided fo rthe v39.0.3 !

However, for anyone who thinks that the above post of mine is not really meant to be in a RE forum :

Many of us use Firefox Browser, and this particular vuln is something really CRITICAL, as we open PDF files all the time on the web. Sometimes the PDFs open even without specifically asking us...

So in those cases, we would not want the "bad guys" to access local files on our computer and even upload them elsewhere !

Thats why had posted this, as this applies to nearly all of us !
Reply With Quote
  #4  
Old 08-15-2015, 15:39
sendersu sendersu is offline
VIP
 
Join Date: Oct 2010
Posts: 870
Rept. Given: 325
Rept. Rcvd 217 Times in 111 Posts
Thanks Given: 170
Thanks Rcvd at 380 Times in 213 Posts
sendersu Reputation: 200-299 sendersu Reputation: 200-299 sendersu Reputation: 200-299
FF 40 already baked
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Need help in exploiting a kernel vuln SinaDiR General Discussion 0 01-10-2011 23:21
Another vuln, this time its PEiD. ghalen General Discussion 8 01-31-2005 19:46
vBulletin 3.0.3 exploited, critical update SOLAR General Discussion 1 01-10-2005 02:51


All times are GMT +8. The time now is 21:06.


Always Your Best Friend: Aaron, JMI, ahmadmansoor, ZeNiX, chessgod101
( 1998 - 2022 )