CVE-2013-5598

Name	CVE-2013-5598
Description	PDF.js in Mozilla Firefox before 25.0 and Firefox ESR 24.x before 24.1 does not properly handle the appending of an IFRAME element, which allows remote attackers to read arbitrary files or execute arbitrary JavaScript code with chrome privileges by using this element within an embedded PDF object.
Source	CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package	Release	Version	Status
icedove (PTS)	jessie	1:52.3.0-4~deb8u2	fixed

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Urgency
iceape	source	(unstable)	(not affected)
icedove	source	(unstable)	(not affected)
iceweasel	source	squeeze	(unfixed)	end-of-life
iceweasel	source	wheezy	(not affected)
iceweasel	source	(unstable)	24.1.0esr-1

Notes

[wheezy] - iceweasel <not-affected> (Only affects Firefox >=24)
- icedove <not-affected> (Only affects Firefox >=24)
- iceape <not-affected> (Only affects Firefox >=24)