Re: [Tails-dev] MFSA 2015-78 (aka. CVE-2015-4495) vs. Tails

This message is part of the following thread:
Mthe complete thread tree sorted by date
M-+\intrigeri at <-
M\MMNicolas Vigier at ->
Delete this message

Reply to this message
Author: Romeo Papa
Date:  
To: tails-dev
Subject: Re: [Tails-dev] MFSA 2015-78 (aka. CVE-2015-4495) vs. Tails
On 08/07/2015 02:33 PM, Jacob Appelbaum wrote:> By the exploit, as I
understood things? I could be mistaken and
> probably am mistaken. I've heard that the vulnerable code is in FF31 -
> I haven't looked myself yet.

https://access.redhat.com/articles/1563163

Considering "all Red Hat products that use the Mozilla Firefox browser
are affected by this issue", all the way to red hat 5, it might be
possible that FF31 be vulnerable to the exploit.

Looks like CVE-2015-4495 can be mitigted by disabling PDF.js so it's
probably a good idea to go ahead and do that:

PDF.js can be disabled as follows: 

    1. Type about:config in the Firefox address bar
    2. Search for the pdfjs.disabled entry
    3. Set the pdfjs.disabled entry to True


This message was posted to the following mailing lists:
tails-dev
Mailing List Info | Nearby Messages		<-Re: [Tails-dev] RFC: Phrasing for warning users when running in a non-free VMRe: [Tails-dev] MFSA 2015-78 (aka. CVE-2015-4495) vs. Tails->
lists.autistici.org administrated by postmasterLurker (version 2.3)