Mozilla Foundation Security Advisory 2015-68

OS X crash reports may contain entered key press information

Announced
July 2, 2015
Reporter
David Parks
Impact
Low
Products
Firefox, SeaMonkey
Fixed in
  • Firefox 39
  • SeaMonkey 2.38

Description

Mozilla developer David Parks discovered while reviewing Firefox crash reports that personal data can sometimes be contained in reports from OS X systems. This is because these OS X crash reports will contain the native key that triggered the crash and this can sometimes contain key press information that was being entered when the crash occurred.

This issue does not affect Linux or Windows installations of Firefox.

References