Re: [Tails-dev] MFSA 2015-78 (aka. CVE-2015-4495) vs. Tails

Supprimer ce message

Répondre à ce message
Auteur: Romeo Papa
Date:  
À: tails-dev
Sujet: Re: [Tails-dev] MFSA 2015-78 (aka. CVE-2015-4495) vs. Tails
On 08/07/2015 02:33 PM, Jacob Appelbaum wrote:> By the exploit, as I
understood things? I could be mistaken and
> probably am mistaken. I've heard that the vulnerable code is in FF31 -
> I haven't looked myself yet.


https://access.redhat.com/articles/1563163

Considering "all Red Hat products that use the Mozilla Firefox browser
are affected by this issue", all the way to red hat 5, it might be
possible that FF31 be vulnerable to the exploit.

Looks like CVE-2015-4495 can be mitigted by disabling PDF.js so it's
probably a good idea to go ahead and do that:

PDF.js can be disabled as follows:

    1. Type about:config in the Firefox address bar
    2. Search for the pdfjs.disabled entry
    3. Set the pdfjs.disabled entry to True