Mozilla Firefox is vulnerable to same-origin policy bypass. A flaw was discovered in Mozilla Firefox that could be used to violate the same-origin policy and inject web script into a non-privileged part of the built-in PDF file viewer (PDF.js). An attacker could create a malicious web page that, when viewed by a victim, could steal arbitrary files (including private SSH keys, the /etc/passwd file, and other potentially sensitive files) from the system running Firefox.
lists.opensuse.org/opensuse-security-announce/2015-08/msg00009.html
lists.opensuse.org/opensuse-security-announce/2015-08/msg00010.html
lists.opensuse.org/opensuse-security-announce/2015-08/msg00014.html
lists.opensuse.org/opensuse-security-announce/2015-08/msg00015.html
lists.opensuse.org/opensuse-security-announce/2015-08/msg00021.html
lists.opensuse.org/opensuse-security-announce/2015-09/msg00016.html
rhn.redhat.com/errata/RHSA-2015-1581.html
www.mozilla.org/security/announce/2015/mfsa2015-78.html
www.oracle.com/technetwork/topics/security/bulletinapr2016-2952098.html
www.securityfocus.com/bid/76249
www.securitytracker.com/id/1033216
www.ubuntu.com/usn/USN-2707-1
access.redhat.com/articles/1563163
access.redhat.com/security/updates/classification/#important
blog.mozilla.org/security/2015/08/06/firefox-exploit-found-in-the-wild/
bugzilla.mozilla.org/show_bug.cgi?id=1178058
bugzilla.mozilla.org/show_bug.cgi?id=1179262
rhn.redhat.com/errata/RHSA-2015-1581.html
security.gentoo.org/glsa/201512-10
www.exploit-db.com/exploits/37772/
www.mozilla.org/en-US/security/known-vulnerabilities/firefox-esr/#firefoxesr38.1.1