CVE Published: 11/06/2018 |
CVE Updated: 05/08/2024 |
CVE Year: 2018 Source: mozilla |
Vendor: Mozilla |
Product: Firefox ESR Status : PUBLISHED
CVE-2018-5157 Description
Same-origin protections for the PDF viewer can be bypassed, allowing a malicious site to intercept messages meant for the viewer. This could allow the site to retrieve PDF files restricted to viewing by an authenticated user on a third-party website. This vulnerability affects Firefox ESR < 52.8 and Firefox < 60.