Mozilla Firefox CVE-2013-5598 Weak Authentication Vulnerability

description-logoDescription

Security researcher Cody Crews discovered a method to append an iframe into an embedded PDF object rendered with the chrome privileged PDF.js. This can used to bypass security restrictions to load local or chrome privileged files and objects within the embedded PDF object. This can lead to information disclosure of local system files.

affected-products-logoAffected Applications

Firefox

CVE References

CVE-2013-5598