Your submission was sent successfully! Close

CVE-2018-5158

Published: 10 May 2018

The PDF viewer does not sufficiently sanitize PostScript calculator functions, allowing malicious JavaScript to be injected through a crafted PDF file. This JavaScript can then be run with the permissions of the PDF viewer by its worker. This vulnerability affects Firefox ESR < 52.8 and Firefox < 60.

Priority

Medium

CVSS 3 base score: 8.8

Status

Package Release Status
firefox
Launchpad, Ubuntu, Debian
artful
Released (60.0+build2-0ubuntu0.17.10.1)
bionic
Released (60.0+build2-0ubuntu1)
precise Does not exist

trusty Does not exist
(trusty was released [60.0+build2-0ubuntu0.14.04.1])
upstream
Released (60.0)
xenial
Released (60.0+build2-0ubuntu0.16.04.1)