If a user clicked into a specifically crafted PDF, the PDF reader could be confused into leaking cross-origin information, when said information is served as chunked data. This vulnerability affects Firefox < 85, Thunderbird < 78.7, and Firefox ESR < 78.7.
CPE | Name | Operator | Version |
---|---|---|---|
firefox | lt | 85.0 | |
firefox_esr | lt | 78.7 | |
thunderbird | lt | 78.7 |