CIS CYBERSECURITY ADVISORIES
MS-ISAC ADVISORY NUMBER:
Vulnerability in Mozilla Firefox Could Allow for Privilege Escalation
A vulnerability has been identified in Mozilla Firefox which could allow for Privilege Escalation. Mozilla Firefox is a web browser used to access the Internet. Firefox ESR is a version of the web browser intended to be deployed in large organizations. Successful exploitation of this vulnerability may result in an attacker being able to read and steal sensitive local files on the victim's computer.
Mozilla has received information that indicates an exploit for this vulnerability has been found in the wild.
- Mozilla Firefox versions prior to 39.0.3
- Firefox ESR versions prior to 38.1.1
- Large and medium government entities: High
- Small government entities:High
- Large and medium business entities: High
- Small business entities: High
Home users: High
Note: Mac users are not susceptible to the currently available exploit code, however the underlying vulnerability still exists within Mozilla Firefox for Macs and could be exploited by an attacker by creating a different payload.
We recommend the following actions be taken:
- Apply appropriate updates provided by Mozilla Firefox to vulnerable systems immediately after appropriate testing.
- Run all software as a non-privileged user (one without administrative privileges) to diminish the effects of a successful attack.
- Remind users not to visit un-trusted websites or follow links provided by unknown or un-trusted sources.
The Hacker News: