Test ID:	1.3.6.1.4.1.25623.1.2.1.2015.60
Category:	General
Title:	Mozilla Firefox Security Advisory (MFSA2015-60) - Linux
Summary:	This host is missing a security update for Mozilla Firefox.
Description:	Summary: This host is missing a security update for Mozilla Firefox. Vulnerability Insight: Local files or privileged URLs in pages can be opened into new tabs Security researcher Jann Horn reported that when Mozilla Foundation Security Advisory 2015-25 was fixed in Firefox 37, an error was made that caused the fix to not be applied to Firefox 38, effectively causing the bug to be unfixed in Firefox 38 (and Firefox ESR38) once it shipped. As Armin Razmdjou reported for that issue, opening hyperlinks on a page with the mouse and specific keyboard key combinations could allow a Chrome privileged URL to be opened without context restrictions being preserved. This could allow for local files or resources from a known location to be opened with local privileges, bypassing security protections. Affected Software/OS: Firefox version(s) below 39. Solution: The vendor has released an update. Please see the reference(s) for more information. CVSS Score: 6.8 CVSS Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Cross-Ref:	Common Vulnerability Exposure (CVE) ID: CVE-2015-2727 BugTraq ID: 75541 http://www.securityfocus.com/bid/75541 https://security.gentoo.org/glsa/201512-10 RedHat Security Advisories: RHSA-2015:1207 http://rhn.redhat.com/errata/RHSA-2015-1207.html http://www.securitytracker.com/id/1032783 SuSE Security Announcement: openSUSE-SU-2015:1229 (Google Search) http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00025.html http://www.ubuntu.com/usn/USN-2656-1 http://www.ubuntu.com/usn/USN-2656-2
Copyright	Copyright (C) 2021 Greenbone Networks GmbH

This is only one of 145615 vulnerability tests in our test suite. Find out more about running a complete security audit. To run a free test of this vulnerability against your system, register below.