Mozilla PDF.js Content Spoofing Scanner
This scanner detects the use of Mozilla PDF.js in digital assets and identifies viewer deployments that are potentially vulnerable to content spoofing.
Short Info
Level
Single Scan
Can be used by: Asset Owner
Estimated Time: 10 seconds
Time Interval: 16 days 15 hours
Scan only one: URL
Mozilla PDF.js is a JavaScript-based library used widely in web applications for rendering PDF documents within web browsers. It is maintained by the Mozilla Foundation and serves a crucial role in enabling PDF viewing capabilities on the web without needing external plugins. Developers integrate PDF.js into web projects to allow seamless PDF interactions directly within web pages.
This scanner targets vulnerabilities associated with the Mozilla PDF.js library. The vulnerability involves loading external PDF files in the viewer without proper origin validation, which presents a risk of content spoofing. When exploited, malicious actors can potentially deceive users by displaying misleading content within trusted websites.
The technical vulnerability lies in the inability of PDF.js to verify the origin of external PDF files loaded in its viewer component. Attack vectors typically exploit this by crafting URLs that direct the viewer to load and render external files without adequate validation. The templates check multiple potential access points within the web application where the vulnerable PDF.js viewer might be embedded.
Exploitation of this vulnerability could expose users to fraudulent or misleading information, potentially leading to disclosure of sensitive information or to further compromise. Because the content is presented within a trusted domain, users may interact with unauthorized content believing it to be legitimate.
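The origin validation described above can be enforced in front of the viewer or applied to request URLs during log review. The following is an added example, not code from PDF.js or from this scanner. It assumes the document location arrives in the viewer's `file` query parameter; the hostnames, the allowlist and the function names are constructed placeholders.

```javascript
// Added example: origin check for the `file` parameter of a PDF.js viewer URL.
// The allowlist and every URL below are constructed placeholders.
const ALLOWED_PDF_ORIGINS = new Set(["https://cdn.example.test"]);

// Returns { allowed, reason } for a full viewer URL.
function checkViewerUrl(viewerUrl, allowedOrigins = ALLOWED_PDF_ORIGINS) {
  let viewer;
  try {
    viewer = new URL(viewerUrl);
  } catch {
    return { allowed: false, reason: "unparseable viewer URL" };
  }
  // Defensive choice: match the key in any casing and refuse duplicates,
  // so the check cannot disagree with whichever value a parser picks.
  const files = [...viewer.searchParams]
    .filter(([key]) => key.toLowerCase() === "file")
    .map(([, value]) => value);
  if (files.length === 0) return { allowed: true, reason: "no file parameter" };
  if (files.length > 1) return { allowed: false, reason: "multiple file parameters" };

  let target;
  try {
    // Resolve as a browser would: relative to the viewer page itself.
    target = new URL(files[0], viewer.href);
  } catch {
    return { allowed: false, reason: "unparseable file value" };
  }
  if (target.protocol !== "https:" && target.protocol !== "http:") {
    return { allowed: false, reason: `scheme ${target.protocol} not permitted` };
  }
  if (target.origin === viewer.origin || allowedOrigins.has(target.origin)) {
    return { allowed: true, reason: "same-origin or allowlisted" };
  }
  return { allowed: false, reason: `foreign origin ${target.origin}` };
}

// Constructed request URLs, as they might appear in an access log.
const VIEWER = "https://docs.example.test/pdfjs/web/viewer.html";
const SAMPLE_URLS = [
  `${VIEWER}?file=/files/report.pdf`,
  `${VIEWER}?file=https://cdn.example.test/a.pdf`,
  `${VIEWER}?file=https%3A%2F%2Fother.example.net%2Fx.pdf`,
  `${VIEWER}?file=//other.example.net/x.pdf`,
  `${VIEWER}?file=data:application/pdf;base64,AAAA`,
];

// Returns the URLs that would render a document from an unapproved origin.
const flagSpoofable = (urls) => urls.filter((u) => !checkViewerUrl(u).allowed);
console.log(flagSpoofable(SAMPLE_URLS));
```

Protocol-relative and percent-encoded values resolve to a foreign origin and are rejected, which is why the check compares parsed origins rather than matching on the raw string.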