PT-2013-5668 · Mozilla+2 · Firefox+3

Cody Crews

Published

2013-10-29

Updated

2024-12-12

CVE-2013-5598

CVSS v2.0

8.3

High

Vector

AV:N/AC:M/Au:N/C:C/I:P/A:P

Name of the Vulnerable Software and Affected Versions Mozilla Firefox versions prior to 25.0 Mozilla Firefox ESR versions 24.x prior to 24.1

Description The issue allows remote attackers to read arbitrary files or execute arbitrary JavaScript code with chrome privileges by using an IFRAME element within an embedded PDF object. This is due to the improper handling of the appending of an IFRAME element by PDF.js in Mozilla Firefox.

Recommendations For Mozilla Firefox versions prior to 25.0, update to version 25.0 or later. For Mozilla Firefox ESR versions 24.x prior to 24.1, update to version 24.1 or later.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-264

Related Identifiers

ALT-PU-2013-1056

CVE-2013-5598

OPENSUSE-SU-2013_1633-1

OPENSUSE-SU-2024:10071-1

OPENSUSE-SU-2024:14572-1

Affected Products

Alt Linux

Firefox

Pdf.Js

Suse

PT-2013-5668 · Mozilla+2 · Firefox+3

CVE-2013-5598

Weakness Enumeration

Related Identifiers

Affected Products

References · 2108