Same-origin bypass vulnerability in Firefox PDF Viewer

Same-origin bypass vulnerability in Firefox PDF Viewer

CVE-2018-5157 · MEDIUM Severity

AV:N/AC:L/AU:N/C:P/I:N/A:N

Same-origin protections for the PDF viewer can be bypassed, allowing a malicious site to intercept messages meant for the viewer. This could allow the site to retrieve PDF files restricted to viewing by an authenticated user on a third-party website. This vulnerability affects Firefox ESR < 52.8 and Firefox < 60.

Learn more about our Web App Pen Testing.