Threat Encyclopedia

Security bypass of PDF.js checks using iframes

Description

High

Analysis

Security researcher Cody Crews discovered a method to append an iframe into an embedded PDF object rendered with the chrome privileged PDF.js. This can used to bypass security restrictions to load local or chrome privileged files and objects within the embedded PDF object. This can lead to information disclosure of local system files.

Affected Products

Firefox

CVE References

CVE-2013-5598