| Revision Date: | 2014-10-06 | Version: | 18 |
| Title: | PDF.js in Mozilla Firefox before 25.0 and Firefox ESR 24.x before 24.1 does not properly handle the appending of an IFRAME element, which allows remote attackers to read arbitrary files or execute arbitrary JavaScript code with chrome privileges by using this element within an embedded PDF object. |
| Description: | PDF.js in Mozilla Firefox before 25.0 and Firefox ESR 24.x before 24.1 does not properly handle the appending of an IFRAME element, which allows remote attackers to read arbitrary files or execute arbitrary JavaScript code with chrome privileges by using this element within an embedded PDF object. |
| Family: | windows | Class: | vulnerability |
| Status: | ACCEPTED | Reference(s): | CVE-2013-5598
|
| Platform(s): | Microsoft Windows 2000
Microsoft Windows 7
Microsoft Windows 8
Microsoft Windows Server 2003
Microsoft Windows Server 2008
Microsoft Windows Server 2012
Microsoft Windows Vista
Microsoft Windows XP
| Product(s): | Mozilla Firefox
Mozilla Firefox ESR
|
| Definition Synopsis |
| Check for vulnerable Firefox mainline Mozilla Firefox Mainline release is installed
AND Mozilla Firefox Mainline version is greater than or equal to 0.1
AND Mozilla Firefox Mainline version is less than 25.0
OR Check for vulnerable Mozilla Firefox ESR
Mozilla Firefox ESR is installed
AND Mozilla Firefox ESR version is less than 24.1 and greater than or equal to 24.x
|