The Mozilla Foundation has released security updates to address a critical vulnerability in the built-in PDF Viewer for Firefox and Firefox ESR. An attacker who successfully exploits this vulnerability could read and steal sensitive local files on the vulnerable computer.
Available updates include:
- Firefox 39.0.3
- Firefox ESR 38.1.1
Computing Services and Systems Development (CSSD) recommends that users review Mozilla’s security advisory and apply the necessary updates.
In addition, CSSD also recommends that all users install Symantec Endpoint Protection software and use the LiveUpdate feature to get the latest virus definitions. As a complement to Symantec Endpoint Protection, CSSD offers a free version of Malwarebytes for individuals and departments. Students, faculty, and staff can download Malwarebytes and Symantec Endpoint Protection at no cost through the Software Download Service at My Pitt. Departments can submit a help request to obtain Malwarebytes for multiple machines.
Please contact the Technology Help Desk at 412-624-HELP  if you have any questions regarding this announcement.