CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:C/I:P/A:P
EPSS
Percentile
84.8%
PDF.js in Mozilla Firefox before 25.0 and Firefox ESR 24.x before 24.1 does
not properly handle the appending of an IFRAME element, which allows remote
attackers to read arbitrary files or execute arbitrary JavaScript code with
chrome privileges by using this element within an embedded PDF object.