Threat Encyclopedia

Security bypass of PDF.js checks using iframes

description-logoDescription

Security researcher Cody Crews discovered a method to append an iframe into an embedded PDF object rendered with the chrome privileged PDF.js. This can used to bypass security restrictions to load local or chrome privileged files and objects within the embedded PDF object. This can lead to information disclosure of local system files.

affected-products-logoAffected Products

Firefox
Firefox ESR

Telemetry

CVE References

CVE-2013-5598