Mozilla Firefox before 34.0, Firefox ESR 31.x before 31.3, and Thunderbird before 31.3 on Apple OS X 10.10 omit a CoreGraphics disable-logging action that is needed by jemalloc-based applications, which allows local users to obtain sensitive information by reading /tmp files, as demonstrated by credential information.
AV:L/AC:L/Au:N/C:P/I:N/A:NApple Mac Os X
OSApple10.10.0Mozilla Firefox
APPMozilla31.031.1.031.1.1≤ 33.0Mozilla Firefox Esr
APPMozilla31.2Mozilla Thunderbird
APPMozilla≤ 31.2
Related vulnerabilities
Use-after-free w Animation timelines Firefox/Thunderbird — RCE
An unexpected message in the WebGPU IPC framework could lead to a use-after-free and exploitable sandbox escap...
A logic issue was addressed with improved restrictions. This issue is fixed in macOS Big Sur 11.2, Security Up...
A logic issue was addressed with improved restrictions. This issue is fixed in macOS Big Sur 11.2, Security Up...
Insufficient vetting of parameters passed with the Prompt:Open IPC message between child and parent processes ...