Merge pull request #14788 from Eren-Akdag/fix/pdfjs-content-spoofing-false-positive

fix: pdfjs-content-spoofing template false positive reduction
2026-01-31 07:43:27 +08:00 · 2026-01-15 03:16:02 +05:30
parent 1eb471d91a 5411c9a3cf
commit 1e8c5f7af6
1 changed files with 5 additions and 4 deletions
--- a/headless/mozilla-pdfjs-content-spoofing.yaml
+++ b/headless/mozilla-pdfjs-content-spoofing.yaml
@@ -2,7 +2,7 @@ id: pdfjs-content-spoofing

 info:
  name: Mozilla PDF.js - Content Spoofing
-  author: 0x_Akoko
+  author: 0x_Akoko,s4e-io
  severity: medium
  description: |
    Detected PDF.js viewer loads and renders external PDF files without proper origin validation. Versions < v1.3.91 are vulnerable to content spoofing attacks.
@@ -44,7 +44,9 @@ headless:
      - type: word
        part: body
        words:
-          - "pdf.js"
+          - "viewerContainer"
+          - "pdfViewer"
+        condition: and

      - type: word
        part: body
@@ -53,5 +55,4 @@ headless:
          - "file origin does not match"
          - "blocked"
          - "Not Found"
-        condition: or
-# digest: 490a0046304402207dc1eb1cfd5bc25039d729f591a15f5a9a37667ed6ad50d1c1c73fe20004b9a8022071080c75bcced708e51b213a2d9887954d7145d3666a5b1de77a04eb08905a67:922c64590222798bb761d5b6d8e72950
+        condition: or