Mozilla Firefox PDF JavaScript Restriction Bypass Vulnerability (Win) Network Vulnerability

Summary

The host is installed with Mozilla Firefox browser and is prone to PDF Javascript Restriction Bypass Vulnerability.

Impact

Successful exploitation will let attacker execute arbitrary codes in the context of the malicious PDF file and execute arbitrary codes into the context of the remote system. Impact Level: Application

Solution

Upgrade to Mozilla Firefox version 3.6.3 or later For updates refer to http://www.mozilla.com/en-US/index.html

Insight

Error while executing DOM calls in response to a javascript: URI in the target attribute of a submit element within a form contained in an inline PDF file which causes bypassing restricted Adobe's JavaScript restrictions.

Affected

Firefox version 3.0.10 and prior on Windows.

References

http://secniche.org/papers/SNS_09_03_PDF_Silent_Form_Re_Purp_Attack.pdf
http://www.securityfocus.com/archive/1/archive/1/503183/100/0/threaded

Updated on 2015-03-25

Severity

Classification

CVE CVE-2009-1597

CVSS	Base Score: 9.3 AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Apache Solr XML External Entity(XXE) Vulnerability-02 Jan-14
Admin News Tools Multiple Vulnerabilities
Baby Gekko CMS Multiple Vulnerabilities
Atmail Multiple Unspecified Security Vulnerabilities.
Apache Struts2 Showcase Skill Name Remote Code Execution Vulnerability

Take action and discover your vulnerabilities