A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the PDF.js context. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11.

References

bugzilla.mozilla.org/show_bug.cgi?id=1893645

lists.debian.org/debian-lts-announce/2024/05/msg00010.html

lists.debian.org/debian-lts-announce/2024/05/msg00012.html

www.mozilla.org/security/advisories/mfsa2024-21/

www.mozilla.org/security/advisories/mfsa2024-22/

www.mozilla.org/security/advisories/mfsa2024-23/

osv 23

debiancve 1

openvas 23

wpvulndb 1

cve 1

redhatcve 1

githubexploit 10

veracode 1

nessus 54

vulnrichment 1

ibm 2

ubuntucve 1

github 2

cvelist 1

thn 1

oraclelinux 6

debian 4

redhat 18

freebsd 1

almalinux 4

slackware 2

kaspersky 3

ubuntu 3

rocky 3

amazon 1

mageia 2

mozilla 3

wordfence 1

osv

CGA-r47q-8q9v-57w9

2024-06-06 12:29:14

Arbitrary JavaScript execution due to using outdated libraries

2024-06-05 14:15:50

odoo - security update

2024-08-08 00:00:00

debiancve

CVE-2024-4367

2024-05-14 18:15:12

openvas

Debian: Security Advisory (DSA-5742-1)

2024-08-09 00:00:00

Slackware: Security Advisory (SSA:2024-164-01)

2024-06-13 00:00:00

Mozilla Firefox ESR Security Update (mfsa_2024-22) - Mac OS X

2024-05-17 00:00:00

wpvulndb

PDF.js < 4.2.67 - Arbitrary JavaScript Execution

2024-06-03 00:00:00

cve

CVE-2024-4367

2024-05-14 18:15:12

redhatcve

CVE-2024-4367

2024-05-14 18:54:47

githubexploit

Exploit for CVE-2024-4367

2024-05-20 22:56:10

Exploit for CVE-2024-4367

2024-05-22 18:05:47

Exploit for CVE-2024-4367

2024-06-17 11:39:41

veracode

Remote Code Execution (RCE)

2024-05-08 04:43:35

nessus

Debian dsa-5742 : odoo-14 - security update

2024-08-08 00:00:00

Amazon Linux 2 : thunderbird (ALAS-2024-2561)

2024-06-12 00:00:00

RHEL 8 : thunderbird (RHSA-2024:3784)

2024-06-10 00:00:00

vulnrichment

CVE-2024-4367

2024-05-14 17:21:23

ibm

Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to Mozilla Firefox arbitrary code execution vulnerability [CVE-2024-4367]

2024-08-05 21:42:56

Security Bulletin: IBM Watson Discovery for IBM Cloud Pak for Data affected by vulnerability in pdfjs-dist

2024-09-20 21:17:11

ubuntucve

CVE-2024-4367

2024-05-14 00:00:00

github

PDF.js vulnerable to arbitrary JavaScript execution upon opening a malicious PDF

2024-05-07 10:25:08

Arbitrary JavaScript execution due to using outdated libraries

2024-06-05 14:15:50

cvelist

CVE-2024-4367

2024-05-14 17:21:23

thn

Researchers Uncover Flaws in Python Package for AI Models and PDF.js Used by Firefox

2024-05-21 10:22:00

oraclelinux

firefox security update

2024-05-16 00:00:00

thunderbird security update

2024-05-20 00:00:00

firefox security update

2024-06-11 00:00:00

debian

[SECURITY] [DSA 5691-1] firefox-esr security update

2024-05-15 17:48:47

[SECURITY] [DSA 5693-1] thunderbird security update

2024-05-17 17:04:52

[SECURITY] [DLA 3817-1] thunderbird security update

2024-05-20 08:15:13

redhat

(RHSA-2024:2884) Important: firefox security update

2024-05-16 11:24:32

(RHSA-2024:2904) Important: thunderbird security update

2024-05-20 01:02:20

(RHSA-2024:2887) Important: firefox security update

2024-05-16 11:24:50

freebsd

Gitlab -- Vulnerabilities

2024-05-22 00:00:00

almalinux

Moderate: thunderbird security update

2024-06-10 00:00:00

Moderate: firefox security update

2024-06-10 00:00:00

Important: thunderbird security update

2024-05-16 00:00:00

slackware

[slackware-security] mozilla-thunderbird

2024-06-12 21:36:48

[slackware-security] mozilla-firefox

2024-05-14 19:27:14

kaspersky

KLA67587 Multiple vulnerabilities in Mozilla Firefox ESR

2024-05-14 00:00:00

KLA67450 Multiple vulnerabilities in Mozilla Thunderbird

2024-05-15 00:00:00

KLA67588 Multiple vulnerabilities in Mozilla Firefox

2024-05-14 00:00:00

ubuntu

Thunderbird vulnerabilities

2024-05-22 00:00:00

Firefox regressions

2024-05-29 00:00:00

Firefox vulnerabilities

2024-05-21 00:00:00

rocky

thunderbird security update

2024-06-14 13:59:30

firefox security update

2024-06-14 13:59:30

thunderbird security update

2024-06-14 14:00:40

amazon

Important: thunderbird

2024-06-06 20:17:00

mageia

Updated thunderbird packages fix security vulnerabilities

2024-05-22 02:38:02

Updated nss & firefox packages fix security vulnerabilities

2024-05-22 02:17:20

mozilla

Security Vulnerabilities fixed in Thunderbird 115.11 — Mozilla

2024-05-15 00:00:00

Security Vulnerabilities fixed in Firefox ESR 115.11 — Mozilla

2024-05-14 00:00:00

Security Vulnerabilities fixed in Firefox 126 — Mozilla

2024-05-14 00:00:00

wordfence

Wordfence Intelligence Weekly WordPress Vulnerability Report (May 20, 2024 to May 26, 2024)

2024-05-30 15:23:45

Solutions

Vulnerabilities intelligence
Perimeter control tool
Linux scanner
Windows scanner
Developers SDK
Security Intelligence feeds

Database

Vulnerabilities
Exploits
Security News
BugBounty
Wild Exploited
Top Vulnerabilities
CVE Feed

Resources

Statics & Sources
Plugins
API docs
FAQ
Blog
Glossary

Company

About
Contacts
Pricing
EULA
Privacy Policy
Submission Policy
OpenSource

@2024 Vulners Inc

AI Score

6.7

Confidence

High

EPSS

Percentile

10.3%

JSON

Related for NVD:CVE-2024-4367

osv23 debiancve1 openvas23 wpvulndb1 cve1 redhatcve1 githubexploit10 veracode1 nessus54 vulnrichment1 ibm2 ubuntucve1 github2 cvelist1 thn1 oraclelinux6 debian4 redhat18 freebsd1 almalinux4 slackware2 kaspersky3 ubuntu3 rocky3 amazon1 mageia2 mozilla3 wordfence1