Sensitive informations, supposed to be hidden, can be revealed on PDF saved using draw feature on PDF Editor (Firefox)
Categories
(Firefox :: Security, defect)
Tracking
()
People
(Reporter: renatoyamane, Unassigned)
References
()
Details
(Keywords: reporter-external, Whiteboard: [reporter-external] [client-bounty-form] [verif?])
Attachments
(1 file)
29.12 KB,
application/pdf
|
Details |
Steps to reproduce:
-
Open a PDF file on Firefox 126.0 (Windows 11);
-
Use the draw feature to edit the PDF, to hide a sensitive information;
https://www.mozilla.org/en-GB/firefox/features/pdf-editor/ -
Save it;
-
Open it again, use CTRL+A to select the content of the PDF, then copy the text and paste it in somewhere (for example: notepad).
You will notice the text, supposed to be hidden, can be revealed when you paste the content.
Use the PDF attached to reproduce the problem.
- Expected results:
The text behind the draw/brush should not be revealed. Firefox should MERGE all layers before saving the PDF.
This is a security issue, because users can have sensitive informations revealed.
Comment 1•5 months ago
|
||
Not sure why you reported this a second time?
Reporter | ||
Comment 2•5 months ago
|
||
(In reply to :Gijs (he/him) from comment #1)
Not sure why you reported this a second time?
*** This bug has been marked as a duplicate of bug 1898195 ***
I reported also on the Bug Bounty Program, but I didn't know it could arrive on the same place. Sorry.
Please conside adding the sec-bounty tag on Bug 1898195, if you think it is relevant.
Thanks
Updated•5 months ago
|
Updated•4 months ago
|
Updated•4 months ago
|
Description
•