Security Alert (A15-04-02): Multiple Vulnerabilities in Firefox
08 April 2015
Mozilla has published security advisories to address multiple vulnerabilities found in Firefox. These vulnerabilities are caused by a flaw in Reader mode on Firefox for Android to bypass restrictions and load privileged content, and a flaw in the HTTP Alternative Service implementation to bypass SSL certificate verification to launch man-in-the-middle attacks. A remote attacker could entice a user to open a web page in a specially configured server or with specially crafted content to exploit the vulnerabilities.
Firefox prior to version 37.0.1
Depending on the vulnerability exploited, a successful attack could lead to website spoofing, bypass of security restrictions and arbitrary code execution.
Mozilla has released new versions of the products to address the issues and they can be downloaded at the following URLs:
Firefox 37.0.1 for Windows, Macintosh and Linux http://www.mozilla.org/en-US/firefox/all.html
Firefox 37.0.1 for Android http://play.google.com/store/apps/details?id=org.mozilla.firefox
Users of affected systems should follow the recommendations provided by the product vendor and take immediate actions to mitigate the risk.