Published: 11/06/2018 Updated: 13/03/2019

CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6

CVSS v3 Base Score: 8.8 | Impact Score: 5.9 | Exploitability Score: 2.8

VMScore: 606

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

The PDF viewer does not sufficiently sanitize PostScript calculator functions, allowing malicious JavaScript to be injected through a crafted PDF file. This JavaScript can then be run with the permissions of the PDF viewer by its worker. This vulnerability affects Firefox ESR < 52.8 and Firefox < 60.

Vulnerable Product	Search on Vulmon	Subscribe to Product
debian debian linux 9.0
debian debian linux 7.0
debian debian linux 8.0
redhat enterprise linux desktop 6.0
redhat enterprise linux workstation 6.0
redhat enterprise linux server eus 7.5
redhat enterprise linux server tus 7.6
redhat enterprise linux desktop 7.0
redhat enterprise linux server 7.0
redhat enterprise linux workstation 7.0
redhat enterprise linux server aus 7.6
redhat enterprise linux server 6.0
redhat enterprise linux server eus 7.6
mozilla firefox
mozilla firefox esr
canonical ubuntu linux 14.04
canonical ubuntu linux 16.04
canonical ubuntu linux 17.10
canonical ubuntu linux 18.04

Synopsis Critical: firefox security update Type/Severity Security Advisory: Critical Topic An update for firefox is now available for Red Hat Enterprise Linux 6Red Hat Product Security has rated this update as having a security impact of Critical A Common Vulnerability Scoring System (CVSS) base score, wh ...

Synopsis Critical: firefox security update Type/Severity Security Advisory: Critical Topic An update for firefox is now available for Red Hat Enterprise Linux 7Red Hat Product Security has rated this update as having a security impact of Critical A Common Vulnerability Scoring System (CVSS) base score, wh ...

Debian Bug report logs - #926482 gitlab: CVE-2018-5158 CVE-2019-10109 CVE-2019-10110 CVE-2019-10111 CVE-2019-10113 CVE-2019-10115 CVE-2019-10116 CVE-2019-10640 Package: src:gitlab; Maintainer for src:gitlab is Debian Ruby Extras Maintainers <pkg-ruby-extras-maintainers@listsaliothdebianorg>; Reported by: Salvatore Bonaccor ...

USN-3645-1 caused a regression in Firefox ...

Firefox could be made to crash or run programs as your login if it opened a malicious website ...

The PDF viewer does not sufficiently sanitize PostScript calculator functions, allowing malicious JavaScript to be injected through a crafted PDF file This JavaScript can then be run with the permissions of the PDF viewer by its worker This vulnerability affects Firefox ESR < 528 and Firefox < 60 ...

Mozilla Foundation Security Advisory 2018-11 Security vulnerabilities fixed in Firefox 60 Announced May 9, 2018 Impact critical Products Firefox Fixed in Firefox 60 ...

Mozilla Foundation Security Advisory 2018-12 Security vulnerabilities fixed in Firefox ESR 528 Announced May 9, 2018 Impact critical Products Firefox ESR Fixed in Firefox ESR 528 ...

A insufficient sanitization of Postscript calculator functions vulnerability has been found in the PDF viewer of Firefox < 600, allowing malicious JavaScript to be injected through a crafted PDF file This JavaScript can then be run with the permissions of the PDF viewer by its worker ...

支持pdf和web的双击划词翻译脚本，当前使用爱词霸公共api

1 关于双击划词翻译,浏览器脚本插件，支持PDF和普通网页使用国内优秀翻译软件iCIBA的即划即译功能,并使用了优秀的开源项目PDFjs firefox扩展: Web-Translate-firefox chrome扩展: Web-Translate-chrome 2018/06/12 功能更新: 添加右键打开本地PDF的功能，支持Chrome和Firefox，自动加载取词脚本 2018/08/09 公告�

CVE-2018-5158 所用环境为Firefox Setup 5903 pdfjs-11088-dist 一些参考链接 bugzillamozillaorg/show_bugcgi?id=1452075 （原文中的相对应的资料链接无了，应该是这个hgmozillaorg/releases/mozilla-release/file/2f5ffe4fa2153a798ed8b310a597ea92abd1b868/browser/extensions/pdfjs/content/build/pdfjs） wwwcvedetailscom/cve/CV

Summary of almost all paid bounty reports on H1

Public Bug Bounty Reports Since ~2020 Open for contributions from others as well, so please send a pull request if you can! Content raw Markdown HTML Rendered Markdown HTML # Category Description Bounty Program URL 1 IDOR IDOR for order delivery address $3000 Mailru hackeronecom/reports/723461 2 IDOR IDOR to change API-key description $250 Visma h

Summary of almost all paid bounty reports on H1

Public Bug Bounty Reports Since ~2020 Open for contributions from others as well, so please send a pull request if you can! Content raw Markdown HTML Rendered Markdown HTML # Category Description Bounty Program URL 1 IDOR IDOR for order delivery address $3000 Mailru hackeronecom/reports/723461 2 IDOR IDOR to change API-key description $250 Visma h

CWE-94 https://www.mozilla.org/security/advisories/mfsa2018-12/https://www.mozilla.org/security/advisories/mfsa2018-11/https://bugzilla.mozilla.org/show_bug.cgi?id=1452075 https://www.debian.org/security/2018/dsa-4199 https://usn.ubuntu.com/3645-1/https://lists.debian.org/debian-lts-announce/2018/05/msg00007.html https://access.redhat.com/errata/RHSA-2018:1415 https://access.redhat.com/errata/RHSA-2018:1414 http://www.securitytracker.com/id/1040896 http://www.securityfocus.com/bid/104136 https://security.gentoo.org/glsa/201810-01 https://access.redhat.com/errata/RHSA-2018:1414 https://nvd.nist.gov https://usn.ubuntu.com/3645-2/

CVE-2018-5158

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

Github Repositories

References

Vulmon Search

About

Products

Connect