VDB

CVE-2009-1597

CVE-2009-1597 PUBLISHED CVSS 9.300000190734863 CRITICAL

Mozilla Firefox executes DOM calls in response to a javascript: URI in the target attribute of a submit element within a form contained in an inline PDF file, which might allow remote attackers to bypass intended Adobe Acrobat JavaScript restrictions on accessing the document object, as demonstrated by a web site that permits PDF uploads by untrusted users, and therefore has a shared document.domain between the web site and this javascript: URI. NOTE: the researcher reports that Adobe's position is "a PDF file is active content."

EPSS 0.25% · 48.1th percentile

Risk Scores

CVSS v2.0
9.300000190734863
EPSS Score
0.25%
48.1th percentile

Affected Products

VendorProductVersions
n/an/an/a
mozillafirefox

Timeline

  • May 11, 2009 CVE Published
  • Feb 4, 2022 EPSS Score
  • Mar 29, 2022 EPSS Score
  • May 2, 2022 CVE Updated
  • May 20, 2022 EPSS Score
  • Jul 12, 2022 EPSS Score
  • Sep 3, 2022 EPSS Score
  • Oct 26, 2022 EPSS Score
  • Dec 17, 2022 EPSS Score
  • Feb 8, 2023 EPSS Score
  • Mar 7, 2023 EPSS Score
  • Apr 1, 2023 EPSS Score

References

Open in Interactive Console →
$ Console Community · 100/wk Open console ›