2 matches found
DEBIAN-CVE-2018-5158
The PDF viewer does not sufficiently sanitize PostScript calculator functions, allowing malicious JavaScript to be injected through a crafted PDF file. This JavaScript can then be run with the permissions of the PDF viewer by its worker. This vulnerability affects Firefox ESR 52.8 and Firefox 60...
Cross-site Scripting (XSS)
Overview pdfjs-dist is a Portable Document Format PDF library that is built with HTML5. Affected versions of this package are vulnerable to Cross-site Scripting XSS. The PDF viewer does not sufficiently sanitize PostScript calculator functions, allowing malicious JavaScript to be injected through...