mirror of
https://github.com/0xMarcio/cve.git
synced 2026-05-15 11:48:07 +02:00
0xMarcio
1.2 KiB
1.2 KiB
CVE-2018-5158
Description
The PDF viewer does not sufficiently sanitize PostScript calculator functions, allowing malicious JavaScript to be injected through a crafted PDF file. This JavaScript can then be run with the permissions of the PDF viewer by its worker. This vulnerability affects Firefox ESR < 52.8 and Firefox < 60.
POC
Reference
Github
- https://github.com/0xCyberY/CVE-T4PDF
- https://github.com/ARPSyndicate/cve-scores
- https://github.com/ARPSyndicate/cvemon
- https://github.com/huangkefen/web-translate
- https://github.com/klausnitzer/pentest-pdf-collection
- https://github.com/ppcrab/CVE-2018-5158
- https://github.com/puzzle-tools/-CVE-2018-5158.pdf
- https://github.com/pwnpanda/Bug_Bounty_Reports