CVE-2015-0822 Information

Description

The Form Autocompletion feature in Mozilla Firefox before 36.0 Firefox ESR 31.x before 31.5 and Thunderbird before 31.5 allows remote attackers to read arbitrary files via crafted JavaScript code.

Reference

http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00000.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00006.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00007.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00008.html http://lists.opensuse.org/opensuse-security-announce/2015-03/msg00026.html http://lists.opensuse.org/opensuse-security-announce/2015-07/msg00031.html http://lists.opensuse.org/opensuse-updates/2015-03/msg00067.html http://rhn.redhat.com/errata/RHSA-2015-0265.html http://rhn.redhat.com/errata/RHSA-2015-0266.html http://rhn.redhat.com/errata/RHSA-2015-0642.html http://www.debian.org/security/2015/dsa-3174 http://www.debian.org/security/2015/dsa-3179 http://www.mozilla.org/security/announce/2015/mfsa2015-24.html http://www.oracle.com/technetwork/topics/security/bulletinapr2015-2511959.html http://www.securityfocus.com/bid/72756 http://www.securitytracker.com/id/1031791 http://www.securitytracker.com/id/1031792 http://www.ubuntu.com/usn/USN-2505-1 http://www.ubuntu.com/usn/USN-2506-1 https://bugzilla.mozilla.org/show_bug.cgi?id=1110557 https://security.gentoo.org/glsa/201504-01