Archive | August 10, 2015

Firefox: New exploit found, update immediately

Mozilla has released a security update for a vulnerability in their Firefox web browser. The vulnerability comes from the interaction of the mechanism that enforces JavaScript context separation (the “same origin policy”) and Firefox’s PDF Viewer. Mozilla products that don’t contain the PDF Viewer, such as Firefox for Android, are not vulnerable. The vulnerability does not enable the execution of arbitrary code but the exploit was able to inject a JavaScript payload into the local file context. This allowed it to search for and upload potentially sensitive local files.

To manually update Firefox:

  1. Click the menu button New Fx Menu , click help Help-29 and select About Firefox. On the menu bar click the Firefox menu and select About Firefox.
  2. The About Firefox window will open and Firefox will begin checking for updates and downloading them automatically.
    Update Win1 Fx14
  3. When the updates are ready to be installed, click Restart to UpdateRestart Firefox to Update.
    Update Win2 Fx14 Update Win2 Fx34