Advisories ยป MGASA-2015-0305

Updated firefox package fixes CVE-2015-4495

Publication date: 07 Aug 2015
Modification date: 07 Aug 2015
Type: security
Affected Mageia releases : 4 , 5
CVE: CVE-2015-4495

Description

Updated firefox packages fix security vulnerability:

Security researcher Cody Crews reported on a way to violate the same origin
policy and inject script into a non-privileged part of the built-in PDF Viewer
in Firefox. This would allow an attacker to read and steal sensitive local
files on the victim's computer (CVE-2015-4495).
                

References

SRPMS

4/core

5/core