PT-2018-2992 · Mozilla+5 · Firefox Esr+7

Wladimir Palant

Publicado

2018-05-09

Atualizado

2024-12-12

CVE-2018-5158

CVSS v3.1

8.8

Alta

Vetor

AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Firefox ESR versions prior to 52.8 Firefox versions prior to 60 PDF.js versions prior to 2.0.550

Description The issue is related to errors in code generation management in the PDF Viewer component of Firefox ESR and Firefox browsers. It allows a remote attacker to execute arbitrary code using a specially crafted PDF file. The PDF viewer does not sufficiently sanitize PostScript calculator functions, enabling malicious JavaScript to be injected through a crafted PDF file. This JavaScript can then be run with the permissions of the PDF viewer by its worker.

Recommendations For Firefox ESR versions prior to 52.8, update to version 52.8 or later. For Firefox versions prior to 60, update to version 60 or later. For PDF.js versions prior to 2.0.550, update to version 2.0.550 or later.

Correção

Code Injection

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-94

Identificadores relacionados

ALT-PU-2018-1787

ALT-PU-2018-1854

BDU:2019-03311

CESA-2018_1414

CESA-2018_1415

CVE-2018-5158

DLA-1376-1

DSA-4199-1

GHSA-7JG2-JGV3-FMR4

MGASA-2018-0248

MGASA-2018-0338

OPENSUSE-SU-2018_1212-1

OPENSUSE-SU-2024:10600-1

OPENSUSE-SU-2024:14572-1

RHSA-2018:1414

RHSA-2018:1415

RHSA-2018_1414

RHSA-2018_1415

SUSE-SU-2018:1319-1

SUSE-SU-2018:1334-1

SUSE-SU-2018:1334-2

SUSE-SU-2018:2298-1

SUSE-SU-2019:2872-1

USN-3645-1

USN-3645-2

Produtos afetados

Alt Linux

Centos

Firefox

Firefox Esr

Pdf.Js

Red Hat

Suse

Ubuntu

PT-2018-2992 · Mozilla+5 · Firefox Esr+7

CVE-2018-5158

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 1973