1. Home
  2. Vulnerabilities
  3. CVE-2024-4367

CVE-2024-4367

EPSS 0.04 % (11th)
0.04% Progress
Advisories 35
NVD Status Awaiting Analysis
Info EPSS References Security Advisories Packages & Software Tools, Exploits & PoC Graph Web & Social Timeline

A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the PDF.js context. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11.

CVE Status
PUBLISHED
NVD Status
Awaiting Analysis
CNA
Mozilla Corporation
Published Date
2024-05-14 18:15:12
(4 months ago)
Updated Date
2024-06-10 17:16:33
(3 months ago)