977 matches found
CVE-2026-0887
Clickjacking issue, information disclosure in the PDF Viewer component. This vulnerability affects Firefox 147, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7...
CVE-2026-0887 Clickjacking issue, information disclosure in the PDF Viewer component
Clickjacking issue, information disclosure in the PDF Viewer component. This vulnerability was fixed in Firefox 147, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7...
CVE-2026-0887 Clickjacking issue, information disclosure in the PDF Viewer component
Clickjacking issue, information disclosure in the PDF Viewer component. This vulnerability was fixed in Firefox 147, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7...
CVE-2026-0887
Clickjacking issue, information disclosure in the PDF Viewer component. This vulnerability was fixed in Firefox 147, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7...
CVE-2026-0887
Clickjacking issue, information disclosure in the PDF Viewer component. This vulnerability was fixed in Firefox 147, Firefox ESR 140.7, Thunderbird 147, and Thunderbird 140.7...
PT-2026-2649
Name of the Vulnerable Software and Affected Versions Firefox versions prior to 147 Firefox ESR versions prior to 140.7 Description A clickjacking issue exists, leading to information disclosure within the PDF Viewer component. The issue allows unauthorized access to sensitive information...
Linux Distros Unpatched Vulnerability : CVE-2026-0887
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Clickjacking issue, information disclosure in the PDF Viewer component. This vulnerability was fixed in Firefox 147, Firefox ESR 140.7, Thunderbird 147, and...
Mozilla -- multiple vulnerabilities
Memory safety bugs present in firefox-esr 140.6, Thunderbird ESR 140.6, Firefox 146 and Thunderbird 146. Spoofing issue in the DOM: Copy & Paste and Drag & Drop component. Clickjacking issue and information disclosure in the PDF Viewer component. Use-after-free in the JavaScript: GC component...
CVE-2019-16385
Cybele Thinfinity VirtualUI 2.5.17.2 allows HTTP response splitting via the mimetype parameter within a PDF viewer request, as demonstrated by an example.pdf?mimetype= substring. The victim user must load an application request to view a PDF, containing the malicious payload. This results in a...
Nextcloud Server Multiple Vulnerabilities (GHSA-24wp-p865-7j4r)
Nextcloud Server is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:nextcloud:nextcloudserver"...
[SECURITY] Fedora 42 Update: xpdf-4.06-1.fc42
Xpdf is an X Window System based viewer for Portable Document Format PDF files. Xpdf is a small and efficient program which uses standard X fonts...
EUVD-2025-201255
Cross-site scripting XSS vulnerability in a reachable filespdfviewer example directory in Nextcloud with versions before 22.2.10.33, 23.0.12.29, 24.0.12.28, 25.0.13.23, 26.0.13.20, 27.1.11.20, 28.0.14.11, 29.0.16.8, 30.0.17, 31.0.10, and 32.0.1 allows attackers to execute arbitrary JavaScript in...
CVE-2025-59788
Cross-site scripting XSS vulnerability in a reachable filespdfviewer example directory in Nextcloud with versions before 22.2.10.33, 23.0.12.29, 24.0.12.28, 25.0.13.23, 26.0.13.20, 27.1.11.20, 28.0.14.11, 29.0.16.8, 30.0.17, 31.0.10, and 32.0.1 allows attackers to execute arbitrary JavaScript in...
CVE-2025-59788
Technical details about CVE-2025-59788 are not publicly available in the connected documents provided. The materials summarize Nextcloud XSS in a reachable files_pdfviewer directory and list affected versions, but no further technical specifics, root cause, impact, or remediation are included her...
Google Chrome < 19.0.0.245 Vulnerability
The version of Google Chrome installed on the remote Windows host is prior to 19.0.0.245. It is, therefore, affected by a vulnerability as referenced in the 201511stable-channel-update advisory. - The PDF viewer in Google Chrome before 46.0.2490.86 does not properly restrict scripting messages an...
Google Chrome < 19.0.0.245 Vulnerability
The version of Google Chrome installed on the remote macOS host is prior to 19.0.0.245. It is, therefore, affected by a vulnerability as referenced in the 201511stable-channel-update advisory. - The PDF viewer in Google Chrome before 46.0.2490.86 does not properly restrict scripting messages and...
Mozilla Firefox < 60.0
The version of Firefox installed on the remote Windows host is prior to 60.0. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2018-11 advisory. - Mozilla developers and community members Christoph Diehl, Christian Holler, Jon Coppeard, Jason Kratzer, Nathan Froyd,...
Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in react-pdf-5.0.0.tgz
Summary Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in react-pdf-5.0.0.tgz Vulnerability Details CVEID:CVE-2024-34342 DESCRIPTION: react-pdf displays PDFs in React apps. If PDF.js is used to load a malicious PDF, and PDF.js is configured with...
SUSE CVE-2025-11896
In Xpdf 4.05 and earlier, a PDF object loop in a CMap, via the "UseCMap" entry, leads to infinite recursion and a stack overflow...
EUVD-2000-0723
Malware in sbrugna...