===========================================================================
AUSCERT Security Bulletin

ASB-2015.0102
A vulnerability has been identified in Mozilla Firefox prior to
version 41.0.2.
19 October 2015
===========================================================================

AusCERT Security Bulletin Summary
---------------------------------

Product:              Mozilla Firefox
Operating System:     UNIX variants (UNIX, Linux, OSX)
                      Windows
Impact/Access:        Access Confidential Data -- Remote with User Interaction
Resolution:           Patch/Upgrade
CVE Names:            CVE-2015-7184
Member content until: Wednesday, November 18 2015

OVERVIEW

A vulnerability has been identified in Mozilla Firefox prior to
version 41.0.2. [1]

IMPACT

The vendor has provided the following details regarding the
vulnerability:

CVE-2015-7184: "Security researcher Abdulrahman Alqabandi reported that
the fetch() API did not correctly implement the Cross-Origin Resource
Sharing (CORS) specification, allowing a malicious page to access private
data from other origins. Mozilla developer Ben Kelly independently
reported the same issue." [1]

MITIGATION

The vendor recommends updating to the latest versions of Mozilla Firefox
and Mozilla Firefox ESR to correct this issue. [1]

REFERENCES

[1] Mozilla Foundation Security Advisory 2015-115
    https://www.mozilla.org/en-US/security/advisories/mfsa2015-115/

AusCERT has made every effort to ensure that the information contained
in this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation. The decision
to follow or act on information or advice contained in this security
bulletin is the responsibility of each user or organisation, and should be
considered in accordance with your organisation's site policies and
procedures. AusCERT takes no responsibility for consequences which may
arise from following or acting on information or advice contained in this
security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================