1
Candidate: CVE-2009-1597
4
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2009-1597
6
Mozilla Firefox executes DOM calls in response to a javascript: URI in the
7
target attribute of a submit element within a form contained in an inline
8
PDF file, which might allow remote attackers to bypass intended Adobe
9
Acrobat JavaScript restrictions on accessing the document object, as
10
demonstrated by a web site that permits PDF uploads by untrusted users, and
11
therefore has a shared document.domain between the web site and this
12
javascript: URI. NOTE: the researcher reports that Adobe's position is "a
13
PDF file is active content."
16
jdstrand> Requires inline PDF with acroread. PDF is active content, ignoring
17
until upstream has more information.
24
upstream_firefox: needs-triage
25
dapper_firefox: ignored (reached end-of-life)
26
hardy_firefox: ignored
33
upstream_firefox-3.0: needs-triage
34
dapper_firefox-3.0: DNE
35
hardy_firefox-3.0: ignored
36
intrepid_firefox-3.0: ignored
37
jaunty_firefox-3.0: ignored
38
karmic_firefox-3.0: DNE
39
devel_firefox-3.0: DNE
42
upstream_firefox-3.5: needs-triage
43
dapper_firefox-3.5: DNE
44
hardy_firefox-3.5: DNE
45
intrepid_firefox-3.5: DNE
46
jaunty_firefox-3.5: ignored
47
karmic_firefox-3.5: ignored
48
devel_firefox: not-affected
49
devel_firefox-3.5: DNE
52
upstream_iceweasel: needs-triage
55
intrepid_iceweasel: DNE