Dear Faculty, Students and Staff,

A critical security vulnerability has been identified in the Firefox browser. This vulnerability can allow a remote attacker to read and steal local files with no action required from the user other than browsing a site that carries the exploit. Note that the site itself may not be complicit in delivering the exploit, since it can be included in advertisements or other embedded objects. For more information, see the relevant links below.

While we have pushed the update to our IT-managed PCs on campus, we advise all of our users to update Firefox on their personal computers. Windows, Linux and Mac versions prior to 39.0.3 are vulnerable, but Android versions are not.

Vendor Advisory:

http://www.mozilla.org/security/announce/2015/mfsa2015-78.html

Relevant Links:

http://www.neowin.net/news/firefox-has-a-nasty-exploit-mozilla-encouraging-users-to-upgrade-immediately

http://www.net-security.org/secworld.php?id=18736

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-4495

Jerome Marella | Director, Core Infrastructure and Services

Firefox browser security update