Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2018-5158 PoC — Mozilla Firefox和Firefox ESR 安全漏洞

Source
https://github.com/ppcrab/CVE-2018-5158
Associated Vulnerability
Title:Mozilla Firefox和Firefox ESR 安全漏洞 (CVE-2018-5158)
Description:The PDF viewer does not sufficiently sanitize PostScript calculator functions, allowing malicious JavaScript to be injected through a crafted PDF file. This JavaScript can then be run with the permissions of the PDF viewer by its worker. This vulnerability affects Firefox ESR < 52.8 and Firefox < 60.
Readme
# CVE-2018-5158
所用环境为Firefox Setup 59.0.3
pdfjs-1.10.88-dist

一些参考链接
https://bugzilla.mozilla.org/show_bug.cgi?id=1452075
(原文中的相对应的资料链接无了,应该是这个https://hg.mozilla.org/releases/mozilla-release/file/2f5ffe4fa2153a798ed8b310a597ea92abd1b868/browser/extensions/pdfjs/content/build/pdf.js)

https://www.cvedetails.com/cve/CVE-2018-5158/?q=CVE-2018-5158
File Snapshot

 [4.0K]  /data/pocs/fccda65c1ca4ba55452d64b052b773f07d54b5f4
├── [6.9M]  pdfjs-1.10.88-dist.zip
├── [6.8M]  pdf_格式.pdf
└── [ 413]  README.md

0 directories, 3 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →