CVE Vulnerabilities

CVE-2013-5598

Published: Oct 30, 2013 | Modified: Sep 19, 2017
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
8.3 HIGH
AV:N/AC:M/Au:N/C:C/I:P/A:P
RedHat/V2
6.8 CRITICAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
RedHat/V3
Ubuntu

PDF.js in Mozilla Firefox before 25.0 and Firefox ESR 24.x before 24.1 does not properly handle the appending of an IFRAME element, which allows remote attackers to read arbitrary files or execute arbitrary JavaScript code with chrome privileges by using this element within an embedded PDF object.

Affected Software

Name Vendor Start Version End Version
Firefox_esr Mozilla 24.0 24.0
Firefox_esr Mozilla 24.0.1 24.0.1
Firefox_esr Mozilla 24.0.2 24.0.2
Firefox Ubuntu devel *
Firefox Ubuntu lucid *
Firefox Ubuntu precise *
Firefox Ubuntu quantal *
Firefox Ubuntu raring *
Firefox Ubuntu saucy *
Firefox Ubuntu upstream *

References