CVE-2018-5158

Published: 10 May 2018

The PDF viewer does not sufficiently sanitize PostScript calculator functions, allowing malicious JavaScript to be injected through a crafted PDF file. This JavaScript can then be run with the permissions of the PDF viewer by its worker. This vulnerability affects Firefox ESR < 52.8 and Firefox < 60.

Priority

Medium

CVSS 3 base score: 8.8

Status

Package Release Status
firefox
Launchpad, Ubuntu, Debian
Upstream
Released (60.0)
Ubuntu 18.04 LTS (Bionic Beaver)
Released (60.0+build2-0ubuntu1)
Ubuntu 16.04 LTS (Xenial Xerus)
Released (60.0+build2-0ubuntu0.16.04.1)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was released [60.0+build2-0ubuntu0.14.04.1])