CVE-2018-5157

Summary

Same-origin protections for the PDF viewer can be bypassed, allowing a malicious site to intercept messages meant for the viewer. This could allow the site to retrieve PDF files restricted to viewing by an authenticated user on a third-party website. This vulnerability affects Firefox ESR < 52.8 and Firefox < 60.

Affected Software

VendorProductVersion RangeStatus
MozillaFirefox ESRunspecified < 52.8affected
MozillaFirefoxunspecified < 60affected

Weaknesses

  • Same-origin bypass of PDF Viewer to view protected PDF files

ADP Enrichment

CVE Program Container

Additional References

References