Arch Linux Security Advisory ASA-201508-1 ========================================= Severity: Critical Date : 2015-08-07 CVE-ID : CVE-2015-4495 Package : firefox Type : information leakage Remote : Yes Link : https://wiki.archlinux.org/index.php/CVE Summary ======= The package firefox before version 39.0.3-1 is vulnerable to local file stealing. Resolution ========== Upgrade to 39.0.3-1. # pacman -Syu "firefox>=39.0.3-1" The problem has been fixed upstream in version 39.0.3. Workaround ========== This issue can be mitigated by disabling the built-in PDF viewer, PDF.js. This can be done by typing about:config in the address bar, pressing Enter, looking for the pdfjs.disabled value and setting it to True by right-clicking on the line and left-clicking "Toggle". Note that accessing the about:config page might trigger a "This might void your warranty!" warning, easily dismissed by clicking on the "I'll be careful, I promise!" button. Description =========== Security researcher Cody Crews reported on a way to violate the same origin policy and inject script into a non-privileged part of the built-in PDF Viewer. This would allow an attacker to read and steal sensitive local files on the victim's computer. Mozilla has received reports that an exploit based on this vulnerability has been found in the wild. Impact ====== A remote attacker can craft a malicious web page stealing arbitrary files from the host running firefox. Mozilla reports that this flaw is already exploited in the wild. At least one exploit is targeting Linux and reads /etc/passwd, then in all the user directories it can access looks for .bash_history, .mysql_history, .pgsql_history, .ssh configuration files and keys, configuration files for remina, Filezilla, and Psi+, text files with “pass” and “access” in the names, and any shell scripts. References ========== https://blog.mozilla.org/security/2015/08/06/firefox-exploit-found-in-the-wi... https://www.mozilla.org/en-US/security/advisories/mfsa2015-78/ https://access.redhat.com/security/cve/CVE-2015-4495 https://access.redhat.com/articles/1563163