First published: Thu Dec 11 2014(Updated: )
Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, and Thunderbird before 31.3 on Apple OS X 10.10 omit a CoreGraphics disable-logging action that is needed by jemalloc-based applications, which allows local users to obtain sensitive information by reading /tmp files, as demonstrated by credential information.
Credit: security@mozilla.org security@mozilla.org
Affected Software | Affected Version | How to fix |
---|---|---|
Mozilla Firefox ESR | =31.0 | |
Mozilla Firefox ESR | =31.1.0 | |
Mozilla Firefox ESR | =31.1.1 | |
Mozilla Firefox ESR | =31.2 | |
Apple Mac OS X | =10.10.0 | |
Mozilla Thunderbird | <=31.2 | |
Mozilla Firefox | <=33.0 | |
All of | ||
Any of | ||
Mozilla Firefox | =31.0 | |
Mozilla Firefox | =31.1.0 | |
Mozilla Firefox | =31.1.1 | |
Mozilla Firefox ESR | =31.2 | |
Apple Mac OS X | =10.10.0 | |
All of | ||
Mozilla Thunderbird | <=31.2 | |
Apple Mac OS X | =10.10.0 | |
All of | ||
Mozilla Firefox | <=33.0 | |
Apple Mac OS X | =10.10.0 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.