ID	32615
Created	Dec 09, 2021
Description Updated	Feb 16, 2022
Severity
Coverage	FortiClient
OS	MacOS
Vendor	Mozilla
Patch	auto
Product	Firefox , Firefox ESR

Refine Search

Threat Encyclopedia

Security bypass of PDF.js checks using iframes

Description

Security researcher Cody Crews discovered a method to append an iframe into an embedded PDF object rendered with the chrome privileged PDF.js. This can used to bypass security restrictions to load local or chrome privileged files and objects within the embedded PDF object. This can lead to information disclosure of local system files.

Affected Products

Firefox
Firefox ESR

Telemetry

CVE References

CVE-2013-5598

Other References

https://www.mozilla.org/en-US/security/advisories/mfsa2013-99

Network

Content and Endpoint

Application

Response

FortiNDR

FortiSandbox

FortiTester

Threat Encyclopedia

Security bypass of PDF.js checks using iframes

Description

Affected Products

Telemetry

CVE References

Other References

News / Research

Network

Content and Endpoint

Application

Response

FortiGate

FortiDeceptor

FortiClient

FortiMail

FortiEDR

FortiADC

FortiAnalyzer/FortiSIEM

FortiCWP

FortiWeb

FortiNDR

FortiSandbox

FortiTester

Threat Lookup

PSIRT

Resources

Threat Encyclopedia

Security bypass of PDF.js checks using iframes

Description

Affected Products

Telemetry

CVE References

Other References