Bug 273915 (CVE-2009-1597)

Summary:	<www-client/mozilla-firefox-? & <app-text/acroread-? (CVE-2009-{1597,1599})
Product:	Gentoo Security	Reporter:	Stefan Behte (RETIRED) <craig>
Component:	Vulnerabilities	Assignee:	Gentoo Security <security>
Status:	RESOLVED OBSOLETE
Severity:	minor
Priority:	High
Version:	unspecified
Hardware:	All
OS:	Linux
Whiteboard:	B3 [upstream?]
Package list:		Runtime testing required:	---

Description Stefan Behte (RETIRED) gentoo-dev

2009-06-12 20:41:19 UTC

CVE-2009-1597 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1597):
  Mozilla Firefox executes DOM calls in response to a javascript: URI
  in the target attribute of a submit element within a form contained
  in an inline PDF file, which might allow remote attackers to bypass
  intended Adobe Acrobat JavaScript restrictions on accessing the
  document object, as demonstrated by a web site that permits PDF
  uploads by untrusted users, and therefore has a shared
  document.domain between the web site and this javascript: URI.  NOTE:
  the researcher reports that Adobe's position is "a PDF file is active
  content."

Comment 1 Stefan Behte (RETIRED) gentoo-dev

2009-06-12 20:49:28 UTC

CVE-2009-1599 (http://nvd.nist.gov/nvd.cfm?cvename=CVE-2009-1599):
  Opera executes DOM calls in response to a javascript: URI in the
  target attribute of a submit element within a form contained in an
  inline PDF file, which might allow remote attackers to bypass
  intended Adobe Acrobat JavaScript restrictions on accessing the
  document object, as demonstrated by a web site that permits PDF
  uploads by untrusted users, and therefore has a shared
  document.domain between the web site and this javascript: URI.  NOTE:
  the researcher reports that Adobe's position is "a PDF file is active
  content."

Comment 2 Chris Reffett (RETIRED) gentoo-dev

2013-09-03 02:28:46 UTC

Affects long-gone version of acroread and unknown versions of firefox/opera. @security team: think we can close this?