Mozilla Products: Security bypass of PDF.js checks using iframes - CVE-2013-5598ID: oval:org.secpod.oval:def:16305 | Date: (C)2013-12-30 (M)2023-11-18 |
Class: VULNERABILITY | Family: macos |
PDF.js in Mozilla Firefox before 25.0 and Firefox ESR 24.x before 24.1 does not properly handle the appending of an IFRAME element, which allows remote attackers to read arbitrary files or execute arbitrary JavaScript code with chrome privileges by using this element within an embedded PDF object.
Platform: |
Apple Mac OS 14 |
Apple Mac OS 13 |
Apple Mac OS 12 |
Apple Mac OS 11 |
Apple Mac OS X 10.15 |
Apple Mac OS X 10.14 |
Apple Mac OS X 10.13 |
Apple Mac OS X 10.11 |
Apple Mac OS X 10.12 |
Product: |
Mozilla Firefox ESR |
Mozilla Firefox |