Description
The PDF viewer does not sufficiently sanitize PostScript calculator functions, allowing malicious JavaScript to be injected through a crafted PDF file. This JavaScript can then be run with the permissions of the PDF viewer by its worker. This vulnerability affects Firefox ESR < 52.8 and Firefox < 60.
Packages
| Package | Status | Fixed version | Release | Type |
|---|---|---|---|---|
| firefox | fixed | 60.0-1 | package | |
| firefox-esr | fixed | 52.8.0esr-1 | package | |
| gitlab | fixed | 11.8.6+dfsg-1 | package | |
Notes
https://www.mozilla.org/en-US/security/advisories/mfsa2018-11/#CVE-2018-5158
https://www.mozilla.org/en-US/security/advisories/mfsa2018-12/#CVE-2018-5158
https://about.gitlab.com/2019/04/01/security-release-gitlab-11-dot-9-dot-4-released/
Related vulnerabilities
Malicious PDF can inject JavaScript into PDF Viewer
A vulnerability in the PDF Viewer component of the Firefox ESR and Firefox browsers that allows an attacker to execute arbitrary code