USN-2707-1: Firefox vulnerability

07 August 2015

Firefox could be made to expose sensitive information from local files.



  • firefox - Mozilla Open Source web browser


Cody Crews discovered a way to violate the same-origin policy to inject
script in to a non-privileged part of the PDF viewer. If a user were
tricked in to opening a specially crafted website, an attacker could
exploit this to read sensitive information from local files.

Update instructions

The problem can be corrected by updating your system to the following package versions:

Ubuntu 15.04
Ubuntu 14.04
Ubuntu 12.04

After a standard system update you need to restart Firefox to make
all the necessary changes.