vulnerability

Red Hat: CVE-2024-4367: Mozilla: Arbitrary JavaScript execution in PDF.js (Multiple Advisories)

Name: Red Hat: CVE-2024-4367: Mozilla: Arbitrary JavaScript execution in PDF.js (Multiple Advisories)
Creator: Red Hat
Published: 2024-05-14T00:00:00.000Z
Keywords: CVE, CWE-754, Red Hat, 2024, 4367, Mozilla, redhat-upgrade-firefox, redhat-upgrade-firefox-debuginfo, redhat-upgrade-firefox-debugsource, redhat-upgrade-firefox-x11, redhat-upgrade-thunderbird, redhat-upgrade-thunderbird-debuginfo, redhat-upgrade-thunderbird-debugsource, Severity 8

Try Surface Command

Back to search

Severity

CVSS

(AV:N/AC:H/Au:N/C:C/I:C/A:C)

Published

May 14, 2024

Added

May 17, 2024

Modified

Mar 27, 2026

Description

A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the PDF.js context. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11.

Solutions

redhat-upgrade-firefoxredhat-upgrade-firefox-debuginforedhat-upgrade-firefox-debugsourceredhat-upgrade-firefox-x11redhat-upgrade-thunderbirdredhat-upgrade-thunderbird-debuginforedhat-upgrade-thunderbird-debugsource

References

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report