New Search

PDF.js in Mozilla Firefox before 25.0 and Firefox ESR 24.x before 24.1 does not properly handle the appending of an IFRAME element which allows remote attackers to read arbitrary files or execute arbitrary JavaScript code with chrome privileges by using this element within an embedded PDF object.

oval:org.mitre.oval:def:19133

PDF.js in Mozilla Firefox before 25.0 and Firefox ESR 24.x before 24.1 does not properly handle the appending of an IFRAME element which allows remote attackers to read arbitrary files or execute arbitrary JavaScript code with chrome privileges by using this element within an embedded PDF object.

Family:
windows
Status:
ACCEPTED
Platform(s):
  • Microsoft Windows 2000
  • Microsoft Windows Server 2003
  • Microsoft Windows XP
  • Microsoft Windows Server 2012
  • Microsoft Windows 8
  • Microsoft Windows 7
  • Microsoft Windows Vista
  • Microsoft Windows Server 2008
Class:
vulnerability
Reference(s):
  • CVE-2013-5598
Product(s):
  • Mozilla Firefox ESR
  • Mozilla Firefox