CVE-2013-5598

EUVD-2013-5438
PDF.js in Mozilla Firefox before 25.0 and Firefox ESR 24.x before 24.1 does not properly handle the appending of an IFRAME element, which allows remote attackers to read arbitrary files or execute arbitrary JavaScript code with chrome privileges by using this element within an embedded PDF object.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:C/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 73%
Affected Products (NVD)
VendorProductVersion
mozillafirefox
24.0
mozillafirefox
24.0.1
mozillafirefox
24.0.2
mozillafirefox
𝑥
≤ 24.0
mozillafirefox
19.0
mozillafirefox
19.0.1
mozillafirefox
19.0.2
mozillafirefox
20.0
mozillafirefox
20.0.1
mozillafirefox
21.0
mozillafirefox
22.0
mozillafirefox
23.0
mozillafirefox
23.0.1
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
firefox
lucid
ignored
precise
Fixed 25.0+build3-0ubuntu0.12.04.1
released
quantal
Fixed 25.0+build3-0ubuntu0.12.10.1
released
raring
Fixed 25.0+build3-0ubuntu0.13.04.1
released
saucy
Fixed 25.0+build3-0ubuntu0.13.10.1
released
Common Weakness Enumeration
References
http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00005.html
http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00006.html
http://www.mozilla.org/security/announce/2013/mfsa2013-99.html
https://bugzilla.mozilla.org/show_bug.cgi?id=920515
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19133
https://security.gentoo.org/glsa/201504-01
http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00005.html
http://lists.opensuse.org/opensuse-security-announce/2013-11/msg00006.html
http://www.mozilla.org/security/announce/2013/mfsa2013-99.html
https://bugzilla.mozilla.org/show_bug.cgi?id=920515
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A19133
https://security.gentoo.org/glsa/201504-01