Mozilla Products: Security bypass of PDF.js checks using iframes - mfsa2013-99ID: oval:org.secpod.oval:def:16297 | Date: (C)2013-12-30 (M)2023-11-18 |
Class: PATCH | Family: macos |
Security researcher Cody Crews discovered a method to append an iframe into an embedded PDF object rendered with the chrome privileged PDF.js . This can used to bypass security restrictions to load local or chrome privileged files and objects within the embedded PDF object. This can lead to information disclosure of local system files.
Platform: |
Apple Mac OS 14 |
Apple Mac OS 13 |
Apple Mac OS 12 |
Apple Mac OS 11 |
Apple Mac OS X 10.15 |
Apple Mac OS X 10.14 |
Apple Mac OS X 10.13 |
Apple Mac OS X 10.11 |
Apple Mac OS X 10.12 |
Product: |
Mozilla Firefox ESR |
Mozilla Firefox |