PDF Viewer PostScript Calculator Function Injection Vulnerability

CVE-2018-5158 · MEDIUM Severity

AV:N/AC:M/AU:N/C:P/I:P/A:P

The PDF viewer does not sufficiently sanitize PostScript calculator functions, allowing malicious JavaScript to be injected through a crafted PDF file. This JavaScript can then be run with the permissions of the PDF viewer by its worker. This vulnerability affects Firefox ESR < 52.8 and Firefox < 60.

Learn more about our Web Application Penetration Testing UK.