A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the PDF.js context. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11.
Metrics
Affected Vendors & Products
References
History
Fri, 23 Aug 2024 00:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
References |
|
MITRE
Status: PUBLISHED
Assigner: mozilla
Published: 2024-05-14T17:21:23.486Z
Updated: 2024-08-22T23:03:16.895Z
Reserved: 2024-04-30T19:08:43.037Z
Link: CVE-2024-4367
Vulnrichment
Updated: 2024-08-22T23:03:16.895Z
NVD
Status : Awaiting Analysis
Published: 2024-05-14T18:15:12.467
Modified: 2024-06-10T17:16:33.380
Link: CVE-2024-4367
Redhat