Mozilla Firefox ESR CVE-2015-4495 Information Disclosure Vulnerability
Description
Security researcher Cody Crews reported on a way to violate the same origin policy and inject script into a non-privileged part of the built-in PDF Viewer. This would allow an attacker to read and steal sensitive local files on the victim's computer.
Affected Applications
Firefox ESR