Security Advisory

CVE-2024-4367

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2024-05-14 17:21:23

Last updated 2026-05-12 11:30:41

Assigner mozilla

State PUBLISHED

Description

A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the PDF.js context. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11.

← Browse all CVEs View on cve.org ↗