Mozilla Firefox PDF Viewer Same-Origin Bypass Vulnerability

Last Update Date: 10 Aug 2015 09:30 Release Date: 10 Aug 2015 3833 Views

RISK: High Risk

High Risk

TYPE: Clients - Browsers

TYPE: Browsers

A vulnerability was identified in Mozilla Firefox. A remote user can obtain files from the target user's system.

 

A remote user can create specially crafted content that, when loaded by the target user, will bypass same-origin policy and inject arbitrary JavaScript into the built-in PDF Viewer in the local file context and gain access to files on the target user's system with the privileges of the target user.

 

NOTE: This vulnerability is being actively exploited.

Impact

  • Security Restriction Bypass

System / Technologies affected

  • prior to 39.0.3

Solutions

Before installation of the software, please visit the software manufacturer web-site for more details.

  • The vendor has issued a fix (39.0.3, ESR 38.1.1).

Vulnerability Identifier

Source

Related Link

Share with

Previous

WordPress Multiple Vulnerabilities

6 Aug 2015 3700 Views

Next

Adobe Flash Player Multiple Vulnerabilities

12 Aug 2015 3843 Views

We use cookies to give you the best possible experience on our website. By continuing to browse this site, you give consent for cookies to be used. For more details please read our Cookie Policy.

PRIVACY POLICY