Novell Home

CVE-2013-5598

Common Vulnerabilities and Exposures

[Previous] [Index] [Next]

Upstream information

CVE-2013-5598 at MITRE

Description

PDF.js in Mozilla Firefox before 25.0 and Firefox ESR 24.x before 24.1 does not properly handle the appending of an IFRAME element, which allows remote attackers to read arbitrary files or execute arbitrary JavaScript code with chrome privileges by using this element within an embedded PDF object.

NVD CVSS v2 Base Score: 8.3 (AV:N/AC:M/Au:N/C:C/I:P/A:P)

Novell/SUSE information

Novell Bugzilla entry: 847708

SUSE Security Advisories:

© 2014 Novell