
Vulnerability in Mozilla Firefox Could Allow for Privilege Escalation

MS-ISAC ADVISORY NUMBER:

2015-090

DATE(S) ISSUED:

08/06/2015

OVERVIEW:

A vulnerability has been identified in Mozilla Firefox which could allow for Privilege Escalation. Mozilla Firefox is a web browser used to access the Internet. Firefox ESR is a version of the web browser intended to be deployed in large organizations. Successful exploitation of this vulnerability may result in an attacker being able to read and steal sensitive local files on the victim's computer.

THREAT INTELLIGENCE:

Mozilla has received information that indicates an exploit for this vulnerability has been found in the wild.

SYSTEMS AFFECTED:

  • Mozilla Firefox versions prior to 39.0.3
  • Firefox ESR versions prior to 38.1.1

RISK:

Government:
  • Large and medium government entities: HIGH
  • Small government entities: HIGH
Businesses:
  • Large and medium business entities: HIGH
  • Small business entities: HIGH
Home Users:
  • HIGH

TECHNICAL SUMMARY:

A vulnerability has been discovered in Mozilla Firefox’s built-in PDF viewer that may allow an attacker to view and steal sensitive files on a victim’s computer. The exploit works by injecting a JavaScript payload into the local file context, which allows the script to search for and upload potentially sensitive local files belonging to the user. This vulnerability can be exploited in the background when a user visits a specially crafted webpage with the exploit code embedded. The exploit specifically looks for FTP configuration files, subversion, s3browser, Filezilla, libpurple and other account information on a Windows system, and for global configuration files and user directories on a Linux system.

Note: Mac users are not susceptible to the currently available exploit code; however, the underlying vulnerability still exists within Mozilla Firefox for Macs and could be exploited by an attacker who creates a different payload.

RECOMMENDATIONS:

We recommend the following actions be taken:

  • Apply appropriate updates provided by Mozilla Firefox to vulnerable systems immediately after appropriate testing.
  • Run all software as a non-privileged user (one without administrative privileges) to diminish the effects of a successful attack.
  • Remind users not to visit untrusted websites or follow links provided by unknown or untrusted sources.
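The following script is an added example, not part of the MS-ISAC advisory or any Mozilla tool. It turns the SYSTEMS AFFECTED ranges above into a check that an administrator can run over an inventory of installed Firefox versions to find hosts that still need the update. It assumes that version strings come from `firefox --version` or about:support, that ESR builds carry the `esr` suffix in that string (an assumption of this example), and that the inventory is a list of (hostname, version) pairs; the sample hosts and versions are constructed.

```python
"""Flag Firefox installs inside the affected ranges of MS-ISAC advisory 2015-090.

Example code, not from CIS/MS-ISAC. Assumes version strings such as '39.0.3'
or '38.1.1esr' (the 'esr' suffix identifies the ESR channel).
"""
import re
from typing import List, Tuple

# Fixed-in versions taken from the advisory's SYSTEMS AFFECTED section.
FIXED_RELEASE = (39, 0, 3)   # Mozilla Firefox: affected if older than 39.0.3
FIXED_ESR = (38, 1, 1)       # Firefox ESR: affected if older than 38.1.1


def parse_version(text: str) -> Tuple[int, ...]:
    """Turn '39.0.3', '38.1.1esr' or '38.1' into a comparable integer tuple.

    Fewer than three components are padded with zeros so '38.1' == '38.1.0'.
    Trailing channel tags such as 'esr' are ignored here.
    """
    match = re.match(r"^\s*(\d+(?:\.\d+)*)", text)
    if not match:
        raise ValueError(f"unrecognised version string: {text!r}")
    parts = tuple(int(p) for p in match.group(1).split("."))
    return parts + (0,) * (3 - len(parts))


def is_esr(text: str) -> bool:
    """Assumption of this example: ESR builds report an 'esr' suffix."""
    return "esr" in text.lower()


def is_vulnerable(version: str) -> bool:
    """True if the build is older than the fixed version for its channel."""
    threshold = FIXED_ESR if is_esr(version) else FIXED_RELEASE
    return parse_version(version) < threshold


def triage(inventory: List[Tuple[str, str]]) -> List[str]:
    """Return the hostnames whose Firefox still needs the update."""
    return [host for host, ver in inventory if is_vulnerable(ver)]


# Constructed sample inventory: hypothetical hostnames and version strings.
SAMPLE_INVENTORY = [
    ("ws-001", "39.0"),        # release channel, older than 39.0.3 -> affected
    ("ws-002", "39.0.3"),      # release channel, fixed version
    ("ws-003", "38.1.0esr"),   # ESR, older than 38.1.1 -> affected
    ("ws-004", "38.1.1esr"),   # ESR, fixed version
    ("ws-005", "40.0"),        # newer release, not affected
]

if __name__ == "__main__":
    for host in triage(SAMPLE_INVENTORY):
        print(f"{host}: update Firefox")
```

Only versions between 38.1.1 and 39.0.2 depend on correctly identifying the channel; anything older than 38.1.1 is flagged whichever threshold is applied, so a mislabelled ESR build can at worst be reported as affected when it is not, never the reverse.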

REFERENCES:
