Candidate: CVE-2009-1597
PublicDate: 2009-05-11 15:30:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1597
Description:
 Mozilla Firefox executes DOM calls in response to a javascript: URI in the
 target attribute of a submit element within a form contained in an inline
 PDF file, which might allow remote attackers to bypass intended Adobe
 Acrobat JavaScript restrictions on accessing the document object, as
 demonstrated by a web site that permits PDF uploads by untrusted users, and
 therefore has a shared document.domain between the web site and this
 javascript: URI. NOTE: the researcher reports that Adobe's position is "a
 PDF file is active content."
Ubuntu-Description:
Notes:
 jdstrand> Requires inline PDF with acroread. PDF is active content,
  ignoring until upstream has more information.
Bugs:
Priority: low
Discovered-by:
Assigned-to:
CVSS:

Patches_firefox:
upstream_firefox: needs-triage
dapper_firefox: ignored (reached end-of-life)
hardy_firefox: ignored
intrepid_firefox: DNE
jaunty_firefox: DNE
karmic_firefox: DNE

Patches_firefox-3.0:
upstream_firefox-3.0: needs-triage
dapper_firefox-3.0: DNE
hardy_firefox-3.0: ignored
intrepid_firefox-3.0: ignored
jaunty_firefox-3.0: ignored
karmic_firefox-3.0: DNE
devel_firefox-3.0: DNE

Patches_firefox-3.5:
upstream_firefox-3.5: needs-triage
dapper_firefox-3.5: DNE
hardy_firefox-3.5: DNE
intrepid_firefox-3.5: DNE
jaunty_firefox-3.5: ignored
karmic_firefox-3.5: ignored
devel_firefox: not-affected
devel_firefox-3.5: DNE

Patches_iceweasel:
upstream_iceweasel: needs-triage
dapper_iceweasel: DNE
hardy_iceweasel: DNE
intrepid_iceweasel: DNE
jaunty_iceweasel: DNE
karmic_iceweasel: DNE
devel_iceweasel: DNE