Same-origin protections for the PDF viewer can be bypassed, allowing a malicious site to intercept messages meant for the viewer. This could allow the site to retrieve PDF files restricted to viewing by an authenticated user on a third-party website. External Reference: https://www.mozilla.org/en-US/security/advisories/mfsa2018-12/#CVE-2018-5157
Acknowledgments: Name: the Mozilla project Upstream: Wladimir Palant
This issue has been addressed in the following products: Red Hat Enterprise Linux 6 Via RHSA-2018:1414 https://access.redhat.com/errata/RHSA-2018:1414
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2018:1415 https://access.redhat.com/errata/RHSA-2018:1415