Exetools  

#1
08-13-2015, 13:27
TechLord
A CRITICAL Firefox Vuln - Violation and local file stealing via PDF reader

Official link:

https://www.mozilla.org/en-US/security/advisories/mfsa2015-78/

Link which explains it more simply in "English" at:

http://www.welivesecurity.com/2015/08/11/firefox-under-fire-anatomy-of-latest-0-day-attack/

What it means for US:

If you do not update your Firefox browser to the latest version (39.0.3 as of now)
AND
if you open a malicious PDF file from some website in the embedded PDF Viewer, then it allows attackers to read and write files on the local machine as well as upload them to a remote server.

ALL of us can be affected by this.

Please update your browsers to the latest version.

#2
08-13-2015, 21:31
niculaita
or reverse? if last is vulnerable and previous not?

#3
08-14-2015, 16:04
TechLord
Quote:
Originally Posted by niculaita
or reverse? if last is vulnerable and previous not?

Sorry, I cannot really understand what you mean...
In case you were trying to say that maybe the newer versions would have worse vulns, then maybe you are right...

But the fact remains that it is CONFIRMED that the earlier versions of Firefox are vulnerable and that the FIX is only provided for the v39.0.3 !

However, for anyone who thinks that the above post of mine is not really meant to be in a RE forum :

Many of us use Firefox Browser, and this particular vuln is something really CRITICAL, as we open PDF files all the time on the web. Sometimes the PDFs open even without specifically asking us...

So in those cases, we would not want the "bad guys" to access local files on our computer and even upload them elsewhere !

That's why I had posted this, as this applies to nearly all of us !

#4
08-15-2015, 15:39
sendersu
FF 40 already baked
All times are GMT +8.