CVE-2024-4367

EUVD-2024-1831
A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the PDF.js context. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
8.8 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
CISA-ADPADP
5.6 MEDIUM
NETWORK
HIGH
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
Base Score
CVSS 3.x
EPSS Score
Percentile: 96%
Affected Products (NVD)
VendorProductVersion
mozillafirefox
𝑥
< 115.11.0
mozillafirefox
𝑥
< 126.0
mozillathunderbird
𝑥
< 115.11.0
debiandebian_linux
10.0
open-xchangeopen-xchange_appsuite_frontend
𝑥
< 7.10.6
open-xchangeopen-xchange_appsuite_frontend
7.10.6
open-xchangeopen-xchange_appsuite_frontend
7.10.6:revision10
open-xchangeopen-xchange_appsuite_frontend
7.10.6:revision11
open-xchangeopen-xchange_appsuite_frontend
7.10.6:revision12
open-xchangeopen-xchange_appsuite_frontend
7.10.6:revision13
open-xchangeopen-xchange_appsuite_frontend
7.10.6:revision14
open-xchangeopen-xchange_appsuite_frontend
7.10.6:revision15
open-xchangeopen-xchange_appsuite_frontend
7.10.6:revision16
open-xchangeopen-xchange_appsuite_frontend
7.10.6:revision17
open-xchangeopen-xchange_appsuite_frontend
7.10.6:revision18
open-xchangeopen-xchange_appsuite_frontend
7.10.6:revision19
open-xchangeopen-xchange_appsuite_frontend
7.10.6:revision20
open-xchangeopen-xchange_appsuite_frontend
7.10.6:revision21
open-xchangeopen-xchange_appsuite_frontend
7.10.6:revision22
open-xchangeopen-xchange_appsuite_frontend
7.10.6:revision23
open-xchangeopen-xchange_appsuite_frontend
7.10.6:revision24
open-xchangeopen-xchange_appsuite_frontend
7.10.6:revision25
open-xchangeopen-xchange_appsuite_frontend
7.10.6:revision26
open-xchangeopen-xchange_appsuite_frontend
7.10.6:revision27
open-xchangeopen-xchange_appsuite_frontend
7.10.6:revision28
open-xchangeopen-xchange_appsuite_frontend
7.10.6:revision29
open-xchangeopen-xchange_appsuite_frontend
7.10.6:revision3
open-xchangeopen-xchange_appsuite_frontend
7.10.6:revision30
open-xchangeopen-xchange_appsuite_frontend
7.10.6:revision31
open-xchangeopen-xchange_appsuite_frontend
7.10.6:revision32
open-xchangeopen-xchange_appsuite_frontend
7.10.6:revision33
open-xchangeopen-xchange_appsuite_frontend
7.10.6:revision34
open-xchangeopen-xchange_appsuite_frontend
7.10.6:revision35
open-xchangeopen-xchange_appsuite_frontend
7.10.6:revision36
open-xchangeopen-xchange_appsuite_frontend
7.10.6:revision37
open-xchangeopen-xchange_appsuite_frontend
7.10.6:revision38
open-xchangeopen-xchange_appsuite_frontend
7.10.6:revision39
open-xchangeopen-xchange_appsuite_frontend
7.10.6:revision4
open-xchangeopen-xchange_appsuite_frontend
7.10.6:revision40
open-xchangeopen-xchange_appsuite_frontend
7.10.6:revision41
open-xchangeopen-xchange_appsuite_frontend
7.10.6:revision42
open-xchangeopen-xchange_appsuite_frontend
7.10.6:revision43
open-xchangeopen-xchange_appsuite_frontend
7.10.6:revision44
open-xchangeopen-xchange_appsuite_frontend
7.10.6:revision5
open-xchangeopen-xchange_appsuite_frontend
7.10.6:revision6
open-xchangeopen-xchange_appsuite_frontend
7.10.6:revision7
open-xchangeopen-xchange_appsuite_frontend
7.10.6:revision8
open-xchangeopen-xchange_appsuite_frontend
7.10.6:revision9
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
firefox
sid
146.0.1-1
fixed
firefox-esr
bookworm
128.14.0esr-1~deb12u1
fixed
bookworm (security)
140.6.0esr-1~deb12u1
fixed
bullseye
115.14.0esr-1~deb11u1
fixed
bullseye (security)
140.6.0esr-1~deb11u1
fixed
forky
140.5.0esr-1
fixed
sid
140.6.0esr-1
fixed
trixie
140.4.0esr-1~deb13u1
fixed
trixie (security)
140.6.0esr-1~deb13u1
fixed
odoo
bullseye
14.0.0+dfsg.2-7+deb11u2
fixed
bullseye (security)
14.0.0+dfsg.2-7+deb11u2
fixed
sid
18.0.0+dfsg-2
fixed
thunderbird
bookworm
1:128.14.0esr-1~deb12u1
fixed
bookworm (security)
1:140.6.0esr-1~deb12u1
fixed
bullseye
1:115.12.0-1~deb11u1
fixed
bullseye (security)
1:140.6.0esr-1~deb11u1
fixed
forky
1:140.6.0esr-1
fixed
sid
1:140.6.0esr-1
fixed
trixie
1:140.4.0esr-1~deb13u1
fixed
trixie (security)
1:140.6.0esr-1~deb13u1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
mozjs52
bionic
ignored
focal
ignored
jammy
dne
mantic
dne
noble
dne
firefox
focal
Fixed 126.0+build2-0ubuntu0.20.04.1
released
jammy
not-affected
mantic
not-affected
noble
not-affected
mozjs38
bionic
ignored
focal
dne
jammy
dne
mantic
dne
noble
dne
mozjs68
focal
ignored
jammy
dne
mantic
dne
noble
dne
mozjs78
focal
dne
jammy
ignored
mantic
dne
noble
dne
mozjs91
focal
dne
jammy
ignored
mantic
dne
noble
dne
mozjs102
focal
dne
jammy
ignored
mantic
ignored
noble
ignored
thunderbird
focal
Fixed 1:115.11.0+build2-0ubuntu0.20.04.1
released
jammy
Fixed 1:115.11.0+build2-0ubuntu0.22.04.1
released
mantic
Fixed 1:115.11.0+build2-0ubuntu0.23.10.1
released
noble
not-affected
Common Weakness Enumeration
References
https://bugzilla.mozilla.org/show_bug.cgi?id=1893645
https://lists.debian.org/debian-lts-announce/2024/05/msg00010.html
https://lists.debian.org/debian-lts-announce/2024/05/msg00012.html
https://www.mozilla.org/security/advisories/mfsa2024-21/
https://www.mozilla.org/security/advisories/mfsa2024-22/
https://www.mozilla.org/security/advisories/mfsa2024-23/
http://seclists.org/fulldisclosure/2024/Aug/30
https://bugzilla.mozilla.org/show_bug.cgi?id=1893645
https://codeanlabs.com/blog/research/cve-2024-4367-arbitrary-js-execution-in-pdf-js/
https://github.com/gogs/gogs/issues/7928
https://github.com/mozilla/pdf.js/releases/tag/v4.2.67
https://lists.debian.org/debian-lts-announce/2024/05/msg00010.html
https://lists.debian.org/debian-lts-announce/2024/05/msg00012.html
https://www.exploit-db.com/exploits/52273
https://www.mozilla.org/security/advisories/mfsa2024-21/
https://www.mozilla.org/security/advisories/mfsa2024-22/
https://www.mozilla.org/security/advisories/mfsa2024-23/