PS: Sorry about all the messages I'm apparently sending while writing up
the message I need to see what's happening...
After reading further, I've found the debian page saying only
38.1.0esr-3 is vulnerable
(
https://security-tracker.debian.org/tracker/CVE-2015-4495).
But I've also found the origins of the vulnerability from the commits
for Firefox 39.0.3, it is from the pdf.js and after tracking the history
I believe the bug might have been present since possibly 2 years if not
more.
https://github.com/mozilla/pdf.js/commit/4f3f983a214867011dda8c5597a4d3523c5f1423
PS: Sorry about all the messages I'm apparently sending while writing up
the message I need to see what's happening...
