CVE-2024-4367 : A type check was missing when handling fonts in PDF.js, which would allow arbitr

A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the PDF.js context. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11.

Published 2024-05-14 17:21:23

Updated 2025-04-24 19:15:46

Source Mozilla Corporation

View at NVD, CVE.org

Products affected by CVE-2024-4367

Debian » Debian Linux » Version: 10.0
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
Matching versions
Mozilla » Firefox » ESR Edition
Versions before (<) 115.11.0
cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:*
Matching versions
Mozilla » Firefox »
Versions before (<) 126.0
cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:*
Matching versions
Mozilla » Thunderbird
Versions before (<) 115.11.0
cpe:2.3:a:mozilla:thunderbird:*:*:*:*:*:*:*:*
Matching versions
Open-xchange » Open-xchange Appsuite Frontend
Versions before (<) 7.10.6
cpe:2.3:a:open-xchange:open-xchange_appsuite_frontend:*:*:*:*:*:*:*:*
Matching versions
Open-xchange » Open-xchange Appsuite Frontend » Version: 7.10.6
cpe:2.3:a:open-xchange:open-xchange_appsuite_frontend:7.10.6:-:*:*:*:*:*:*
Matching versions
Open-xchange » Open-xchange Appsuite Frontend » Version: 7.10.6 Update Revision10
cpe:2.3:a:open-xchange:open-xchange_appsuite_frontend:7.10.6:revision10:*:*:*:*:*:*
Matching versions
Open-xchange » Open-xchange Appsuite Frontend » Version: 7.10.6 Update Revision11
cpe:2.3:a:open-xchange:open-xchange_appsuite_frontend:7.10.6:revision11:*:*:*:*:*:*
Matching versions
Open-xchange » Open-xchange Appsuite Frontend » Version: 7.10.6 Update Revision12
cpe:2.3:a:open-xchange:open-xchange_appsuite_frontend:7.10.6:revision12:*:*:*:*:*:*
Matching versions
Open-xchange » Open-xchange Appsuite Frontend » Version: 7.10.6 Update Revision13
cpe:2.3:a:open-xchange:open-xchange_appsuite_frontend:7.10.6:revision13:*:*:*:*:*:*
Matching versions
Open-xchange » Open-xchange Appsuite Frontend » Version: 7.10.6 Update Revision14
cpe:2.3:a:open-xchange:open-xchange_appsuite_frontend:7.10.6:revision14:*:*:*:*:*:*
Matching versions
Open-xchange » Open-xchange Appsuite Frontend » Version: 7.10.6 Update Revision15
cpe:2.3:a:open-xchange:open-xchange_appsuite_frontend:7.10.6:revision15:*:*:*:*:*:*
Matching versions
Open-xchange » Open-xchange Appsuite Frontend » Version: 7.10.6 Update Revision16
cpe:2.3:a:open-xchange:open-xchange_appsuite_frontend:7.10.6:revision16:*:*:*:*:*:*
Matching versions
Open-xchange » Open-xchange Appsuite Frontend » Version: 7.10.6 Update Revision17
cpe:2.3:a:open-xchange:open-xchange_appsuite_frontend:7.10.6:revision17:*:*:*:*:*:*
Matching versions
Open-xchange » Open-xchange Appsuite Frontend » Version: 7.10.6 Update Revision18
cpe:2.3:a:open-xchange:open-xchange_appsuite_frontend:7.10.6:revision18:*:*:*:*:*:*
Matching versions
Open-xchange » Open-xchange Appsuite Frontend » Version: 7.10.6 Update Revision19
cpe:2.3:a:open-xchange:open-xchange_appsuite_frontend:7.10.6:revision19:*:*:*:*:*:*
Matching versions
Open-xchange » Open-xchange Appsuite Frontend » Version: 7.10.6 Update Revision20
cpe:2.3:a:open-xchange:open-xchange_appsuite_frontend:7.10.6:revision20:*:*:*:*:*:*
Matching versions
Open-xchange » Open-xchange Appsuite Frontend » Version: 7.10.6 Update Revision21
cpe:2.3:a:open-xchange:open-xchange_appsuite_frontend:7.10.6:revision21:*:*:*:*:*:*
Matching versions
Open-xchange » Open-xchange Appsuite Frontend » Version: 7.10.6 Update Revision22
cpe:2.3:a:open-xchange:open-xchange_appsuite_frontend:7.10.6:revision22:*:*:*:*:*:*
Matching versions
Open-xchange » Open-xchange Appsuite Frontend » Version: 7.10.6 Update Revision23
cpe:2.3:a:open-xchange:open-xchange_appsuite_frontend:7.10.6:revision23:*:*:*:*:*:*
Matching versions
Open-xchange » Open-xchange Appsuite Frontend » Version: 7.10.6 Update Revision24
cpe:2.3:a:open-xchange:open-xchange_appsuite_frontend:7.10.6:revision24:*:*:*:*:*:*
Matching versions
Open-xchange » Open-xchange Appsuite Frontend » Version: 7.10.6 Update Revision25
cpe:2.3:a:open-xchange:open-xchange_appsuite_frontend:7.10.6:revision25:*:*:*:*:*:*
Matching versions
Open-xchange » Open-xchange Appsuite Frontend » Version: 7.10.6 Update Revision26
cpe:2.3:a:open-xchange:open-xchange_appsuite_frontend:7.10.6:revision26:*:*:*:*:*:*
Matching versions
Open-xchange » Open-xchange Appsuite Frontend » Version: 7.10.6 Update Revision27
cpe:2.3:a:open-xchange:open-xchange_appsuite_frontend:7.10.6:revision27:*:*:*:*:*:*
Matching versions
Open-xchange » Open-xchange Appsuite Frontend » Version: 7.10.6 Update Revision28
cpe:2.3:a:open-xchange:open-xchange_appsuite_frontend:7.10.6:revision28:*:*:*:*:*:*
Matching versions
Open-xchange » Open-xchange Appsuite Frontend » Version: 7.10.6 Update Revision29
cpe:2.3:a:open-xchange:open-xchange_appsuite_frontend:7.10.6:revision29:*:*:*:*:*:*
Matching versions
Open-xchange » Open-xchange Appsuite Frontend » Version: 7.10.6 Update Revision3
cpe:2.3:a:open-xchange:open-xchange_appsuite_frontend:7.10.6:revision3:*:*:*:*:*:*
Matching versions
Open-xchange » Open-xchange Appsuite Frontend » Version: 7.10.6 Update Revision30
cpe:2.3:a:open-xchange:open-xchange_appsuite_frontend:7.10.6:revision30:*:*:*:*:*:*
Matching versions
Open-xchange » Open-xchange Appsuite Frontend » Version: 7.10.6 Update Revision31
cpe:2.3:a:open-xchange:open-xchange_appsuite_frontend:7.10.6:revision31:*:*:*:*:*:*
Matching versions
Open-xchange » Open-xchange Appsuite Frontend » Version: 7.10.6 Update Revision32
cpe:2.3:a:open-xchange:open-xchange_appsuite_frontend:7.10.6:revision32:*:*:*:*:*:*
Matching versions
Open-xchange » Open-xchange Appsuite Frontend » Version: 7.10.6 Update Revision33
cpe:2.3:a:open-xchange:open-xchange_appsuite_frontend:7.10.6:revision33:*:*:*:*:*:*
Matching versions
Open-xchange » Open-xchange Appsuite Frontend » Version: 7.10.6 Update Revision34
cpe:2.3:a:open-xchange:open-xchange_appsuite_frontend:7.10.6:revision34:*:*:*:*:*:*
Matching versions
Open-xchange » Open-xchange Appsuite Frontend » Version: 7.10.6 Update Revision35
cpe:2.3:a:open-xchange:open-xchange_appsuite_frontend:7.10.6:revision35:*:*:*:*:*:*
Matching versions
Open-xchange » Open-xchange Appsuite Frontend » Version: 7.10.6 Update Revision36
cpe:2.3:a:open-xchange:open-xchange_appsuite_frontend:7.10.6:revision36:*:*:*:*:*:*
Matching versions
Open-xchange » Open-xchange Appsuite Frontend » Version: 7.10.6 Update Revision37
cpe:2.3:a:open-xchange:open-xchange_appsuite_frontend:7.10.6:revision37:*:*:*:*:*:*
Matching versions
Open-xchange » Open-xchange Appsuite Frontend » Version: 7.10.6 Update Revision38
cpe:2.3:a:open-xchange:open-xchange_appsuite_frontend:7.10.6:revision38:*:*:*:*:*:*
Matching versions
Open-xchange » Open-xchange Appsuite Frontend » Version: 7.10.6 Update Revision39
cpe:2.3:a:open-xchange:open-xchange_appsuite_frontend:7.10.6:revision39:*:*:*:*:*:*
Matching versions
Open-xchange » Open-xchange Appsuite Frontend » Version: 7.10.6 Update Revision4
cpe:2.3:a:open-xchange:open-xchange_appsuite_frontend:7.10.6:revision4:*:*:*:*:*:*
Matching versions
Open-xchange » Open-xchange Appsuite Frontend » Version: 7.10.6 Update Revision40
cpe:2.3:a:open-xchange:open-xchange_appsuite_frontend:7.10.6:revision40:*:*:*:*:*:*
Matching versions
Open-xchange » Open-xchange Appsuite Frontend » Version: 7.10.6 Update Revision41
cpe:2.3:a:open-xchange:open-xchange_appsuite_frontend:7.10.6:revision41:*:*:*:*:*:*
Matching versions
Open-xchange » Open-xchange Appsuite Frontend » Version: 7.10.6 Update Revision42
cpe:2.3:a:open-xchange:open-xchange_appsuite_frontend:7.10.6:revision42:*:*:*:*:*:*
Matching versions
Open-xchange » Open-xchange Appsuite Frontend » Version: 7.10.6 Update Revision43
cpe:2.3:a:open-xchange:open-xchange_appsuite_frontend:7.10.6:revision43:*:*:*:*:*:*
Matching versions
Open-xchange » Open-xchange Appsuite Frontend » Version: 7.10.6 Update Revision44
cpe:2.3:a:open-xchange:open-xchange_appsuite_frontend:7.10.6:revision44:*:*:*:*:*:*
Matching versions
Open-xchange » Open-xchange Appsuite Frontend » Version: 7.10.6 Update Revision5
cpe:2.3:a:open-xchange:open-xchange_appsuite_frontend:7.10.6:revision5:*:*:*:*:*:*
Matching versions
Open-xchange » Open-xchange Appsuite Frontend » Version: 7.10.6 Update Revision6
cpe:2.3:a:open-xchange:open-xchange_appsuite_frontend:7.10.6:revision6:*:*:*:*:*:*
Matching versions
Open-xchange » Open-xchange Appsuite Frontend » Version: 7.10.6 Update Revision7
cpe:2.3:a:open-xchange:open-xchange_appsuite_frontend:7.10.6:revision7:*:*:*:*:*:*
Matching versions
Open-xchange » Open-xchange Appsuite Frontend » Version: 7.10.6 Update Revision8
cpe:2.3:a:open-xchange:open-xchange_appsuite_frontend:7.10.6:revision8:*:*:*:*:*:*
Matching versions
Open-xchange » Open-xchange Appsuite Frontend » Version: 7.10.6 Update Revision9
cpe:2.3:a:open-xchange:open-xchange_appsuite_frontend:7.10.6:revision9:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2024-4367

EPSS FAQ

13.64%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 94 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2024-4367

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
5.6	MEDIUM	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L	2.2	3.4	134c704f-9b21-4f2e-91b3-4a467353bcc0	2025-03-13
Attack Vector: Network Attack Complexity: High Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: Low Integrity: Low Availability: Low
8.8	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H	2.8	5.9	NIST	2025-01-22
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: Required Scope: Unchanged Confidentiality: High Integrity: High Availability: High
7.5	HIGH	CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H	N/A	N/A	RedHat-CVE-2024-4367	2024-05-14
Attack Vector: Network Attack Complexity: High Privileges Required: None User Interaction: Required Scope: Unchanged Confidentiality: High Integrity: High Availability: High

CWE ids for CVE-2024-4367

CWE-754 Improper Check for Unusual or Exceptional Conditions

The product does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the product.

Assigned by: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

References for CVE-2024-4367

https://codeanlabs.com/blog/research/cve-2024-4367-arbitrary-js-execution-in-pdf-js/
http://seclists.org/fulldisclosure/2024/Aug/30

Mailing List
https://www.mozilla.org/security/advisories/mfsa2024-23/

Security Vulnerabilities fixed in Thunderbird 115.11 — Mozilla
Vendor Advisory

CVEs referencing this url
https://bugzilla.mozilla.org/show_bug.cgi?id=1893645

Access Denied
Issue Tracking
https://www.exploit-db.com/exploits/52273

Firefox ESR 115.11 - PDF.js Arbitrary JavaScript execution - Multiple remote Exploit
https://github.com/gogs/gogs/issues/7928
https://lists.debian.org/debian-lts-announce/2024/05/msg00010.html

[SECURITY] [DLA 3815-1] firefox-esr security update
Mailing List

CVEs referencing this url
https://www.mozilla.org/security/advisories/mfsa2024-22/

Security Vulnerabilities fixed in Firefox ESR 115.11 — Mozilla
Vendor Advisory

CVEs referencing this url
https://www.mozilla.org/security/advisories/mfsa2024-21/

Security Vulnerabilities fixed in Firefox 126 — Mozilla
Vendor Advisory

CVEs referencing this url
https://lists.debian.org/debian-lts-announce/2024/05/msg00012.html

[SECURITY] [DLA 3817-1] thunderbird security update
Mailing List

CVEs referencing this url
https://github.com/mozilla/pdf.js/releases/tag/v4.2.67

Jump to

Vulnerability Details : CVE-2024-4367

Products affected by CVE-2024-4367

Exploit prediction scoring system (EPSS) score for CVE-2024-4367

CVSS scores for CVE-2024-4367

CWE ids for CVE-2024-4367

References for CVE-2024-4367