Mozilla Foundation Security Advisory 2015-68
OS X crash reports may contain entered key press information
- July 2, 2015
- David Parks
- Firefox, SeaMonkey
- Fixed in
- Firefox 39
- SeaMonkey 2.38
Mozilla developer David Parks discovered while reviewing Firefox crash reports that personal data can sometimes be contained in reports from OS X systems. This is because these OS X crash reports will contain the native key that triggered the crash and this can sometimes contain key press information that was being entered when the crash occurred.
This issue does not affect Linux or Windows installations of Firefox.