The PDF viewer does not sufficiently sanitize PostScript calculator functions, allowing malicious JavaScript to be injected through a crafted PDF file. This JavaScript can then be run with the permissions of the PDF viewer by its worker.

External Reference:
https://www.mozilla.org/en-US/security/advisories/mfsa2018-12/#CVE-2018-5158
Acknowledgments:
Name: the Mozilla project
Upstream: Wladimir Palant
This issue has been addressed in the following products:
Red Hat Enterprise Linux 6
Via RHSA-2018:1414 https://access.redhat.com/errata/RHSA-2018:1414
This issue has been addressed in the following products:
Red Hat Enterprise Linux 7
Via RHSA-2018:1415 https://access.redhat.com/errata/RHSA-2018:1415