Proof of concept exploit that demonstrates how an attacker can bypass same-origin policy on Firefox and inject javascript into the built-in pdf reader.
e9d69781f8e3c5ddf17e4c6610f59bfd7290858f88e48f49405648523cc14a3d
Red Hat Security Advisory 2015-1581-01 - Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. A flaw was discovered in Mozilla Firefox that could be used to violate the same-origin policy and inject web script into a non-privileged part of the built-in PDF file viewer. An attacker could create a malicious web page that, when viewed by a victim, could steal arbitrary files from the system running Firefox.
e0a232b17807350fc652a6b60a215e791b1a23fd269eedd3d1b9d511f297c55b
Ubuntu Security Notice 2707-1 - Cody Crews discovered a way to violate the same-origin policy to inject script in to a non-privileged part of the PDF viewer. If a user were tricked in to opening a specially crafted website, an attacker could exploit this to read sensitive information from local files.
454aadcc72ab27356bc6097291844b21c35e99f121004be9079deac843860748