The PDF viewer does not sufficiently sanitize PostScript calculator functions, allowing malicious JavaScript to be injected through a crafted PDF file. This JavaScript can then be run with the permissions of the PDF viewer by its worker. This vulnerability affects Firefox ESR < 52.8 and Firefox < 60.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
Debian | 999 | all | firefox | < 60.0-1 | firefox_60.0-1_all.deb |
Debian | 12 | all | firefox-esr | < 52.8.0esr-1 | firefox-esr_52.8.0esr-1_all.deb |
Debian | 11 | all | firefox-esr | < 52.8.0esr-1 | firefox-esr_52.8.0esr-1_all.deb |
Debian | 10 | all | firefox-esr | < 52.8.0esr-1 | firefox-esr_52.8.0esr-1_all.deb |
Debian | 999 | all | firefox-esr | < 52.8.0esr-1 | firefox-esr_52.8.0esr-1_all.deb |
Debian | 13 | all | firefox-esr | < 52.8.0esr-1 | firefox-esr_52.8.0esr-1_all.deb |
Debian | 999 | all | gitlab | < 11.8.6+dfsg-1 | gitlab_11.8.6+dfsg-1_all.deb |