Threat Level: green Handler on Duty: Rob VandenBrink

SANS ISC: Critical Firefox Update Today SANS ISC InfoSec Forums

Participate: Learn more about our honeypot network

Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Critical Firefox Update Today

The good folks at Firefox have released their latest version, 39.0.3, in response to vulnerability  CVE-2015-4495, which has been seen in the wild and allows an attacker to read and steal sensitive local files.  The vulnerability takes advantage of the interaction between the JavaScript context separation and the PDF Viewer.  The exploit works by injecting a JavaScript payload into the local file context, which allows it to search and upload local files.  Mozilla products that do not contain the PDF viewer are not vulnerable, as well as Mac systems.

**NOTE**: This exploit has been seen in the wild, and leaves no trace it has run on the local machine.  The exploit description described in greater detail at the Mozilla Security website gives additional details on what files are currently being targeted. As with any updates being deployed into the enterprise, we highly recommend testing updates for impact before deployment, and ensure all configuration and change control requirements are maintained.

tony d0t carothers --gmail


150 Posts
ISC Handler
Aug 7th 2015
Basically, if you are a web developer and use Firefox, change your passwords and ssh certificates.

The exploit is targeted at people who access websites for development and maintenance.
This bug does not only allow to read any local file, but also to (over)WRITE local files, and can thus be (ab)used to execute arbitary code, leading to RCE.
Anyone know of which IPs/URL it's would have been hitting?
Can't find anything in the write-ups that would allow admins to check.

7 Posts

Sign Up for Free or Log In to start participating in the conversation!