CVE-2024-4367

A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the PDF.js context. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
8.8 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
mozillaCNA
---
---
CISA-ADPADP
5.6 MEDIUM
NETWORK
HIGH
NONE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 96%
VendorProductVersion
mozillafirefox
𝑥
< 115.11.0
mozillafirefox
𝑥
< 126.0
mozillathunderbird
𝑥
< 115.11.0
debiandebian_linux
10.0
open-xchangeopen-xchange_appsuite_frontend
𝑥
< 7.10.6
open-xchangeopen-xchange_appsuite_frontend
7.10.6
open-xchangeopen-xchange_appsuite_frontend
7.10.6:revision10
open-xchangeopen-xchange_appsuite_frontend
7.10.6:revision11
open-xchangeopen-xchange_appsuite_frontend
7.10.6:revision12
open-xchangeopen-xchange_appsuite_frontend
7.10.6:revision13
open-xchangeopen-xchange_appsuite_frontend
7.10.6:revision14
open-xchangeopen-xchange_appsuite_frontend
7.10.6:revision15
open-xchangeopen-xchange_appsuite_frontend
7.10.6:revision16
open-xchangeopen-xchange_appsuite_frontend
7.10.6:revision17
open-xchangeopen-xchange_appsuite_frontend
7.10.6:revision18
open-xchangeopen-xchange_appsuite_frontend
7.10.6:revision19
open-xchangeopen-xchange_appsuite_frontend
7.10.6:revision20
open-xchangeopen-xchange_appsuite_frontend
7.10.6:revision21
open-xchangeopen-xchange_appsuite_frontend
7.10.6:revision22
open-xchangeopen-xchange_appsuite_frontend
7.10.6:revision23
open-xchangeopen-xchange_appsuite_frontend
7.10.6:revision24
open-xchangeopen-xchange_appsuite_frontend
7.10.6:revision25
open-xchangeopen-xchange_appsuite_frontend
7.10.6:revision26
open-xchangeopen-xchange_appsuite_frontend
7.10.6:revision27
open-xchangeopen-xchange_appsuite_frontend
7.10.6:revision28
open-xchangeopen-xchange_appsuite_frontend
7.10.6:revision29
open-xchangeopen-xchange_appsuite_frontend
7.10.6:revision3
open-xchangeopen-xchange_appsuite_frontend
7.10.6:revision30
open-xchangeopen-xchange_appsuite_frontend
7.10.6:revision31
open-xchangeopen-xchange_appsuite_frontend
7.10.6:revision32
open-xchangeopen-xchange_appsuite_frontend
7.10.6:revision33
open-xchangeopen-xchange_appsuite_frontend
7.10.6:revision34
open-xchangeopen-xchange_appsuite_frontend
7.10.6:revision35
open-xchangeopen-xchange_appsuite_frontend
7.10.6:revision36
open-xchangeopen-xchange_appsuite_frontend
7.10.6:revision37
open-xchangeopen-xchange_appsuite_frontend
7.10.6:revision38
open-xchangeopen-xchange_appsuite_frontend
7.10.6:revision39
open-xchangeopen-xchange_appsuite_frontend
7.10.6:revision4
open-xchangeopen-xchange_appsuite_frontend
7.10.6:revision40
open-xchangeopen-xchange_appsuite_frontend
7.10.6:revision41
open-xchangeopen-xchange_appsuite_frontend
7.10.6:revision42
open-xchangeopen-xchange_appsuite_frontend
7.10.6:revision43
open-xchangeopen-xchange_appsuite_frontend
7.10.6:revision44
open-xchangeopen-xchange_appsuite_frontend
7.10.6:revision5
open-xchangeopen-xchange_appsuite_frontend
7.10.6:revision6
open-xchangeopen-xchange_appsuite_frontend
7.10.6:revision7
open-xchangeopen-xchange_appsuite_frontend
7.10.6:revision8
open-xchangeopen-xchange_appsuite_frontend
7.10.6:revision9
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
firefox
sid
145.0.1-1
fixed
firefox-esr
bullseye
115.14.0esr-1~deb11u1
fixed
bullseye (security)
140.5.0esr-1~deb11u1
fixed
bookworm
128.14.0esr-1~deb12u1
fixed
bookworm (security)
140.5.0esr-1~deb12u1
fixed
trixie
140.4.0esr-1~deb13u1
fixed
trixie (security)
140.5.0esr-1~deb13u1
fixed
forky
140.5.0esr-1
fixed
sid
140.5.0esr-1
fixed
odoo
bullseye (security)
14.0.0+dfsg.2-7+deb11u2
fixed
bullseye
14.0.0+dfsg.2-7+deb11u2
fixed
sid
18.0.0+dfsg-2
fixed
thunderbird
bullseye
1:115.12.0-1~deb11u1
fixed
bullseye (security)
1:140.5.0esr-1~deb11u1
fixed
bookworm
1:128.14.0esr-1~deb12u1
fixed
bookworm (security)
1:140.5.0esr-1~deb12u1
fixed
trixie
1:140.4.0esr-1~deb13u1
fixed
trixie (security)
1:140.5.0esr-1~deb13u1
fixed
forky
1:140.5.0esr-1
fixed
sid
1:140.5.0esr-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
mozjs52
noble
dne
mantic
dne
jammy
dne
focal
ignored
bionic
ignored
firefox
noble
not-affected
mantic
not-affected
jammy
not-affected
focal
Fixed 126.0+build2-0ubuntu0.20.04.1
released
mozjs38
noble
dne
mantic
dne
jammy
dne
focal
dne
bionic
ignored
mozjs68
noble
dne
mantic
dne
jammy
dne
focal
ignored
mozjs78
noble
dne
mantic
dne
jammy
ignored
focal
dne
mozjs91
noble
dne
mantic
dne
jammy
ignored
focal
dne
mozjs102
noble
ignored
mantic
ignored
jammy
ignored
focal
dne
thunderbird
noble
not-affected
mantic
Fixed 1:115.11.0+build2-0ubuntu0.23.10.1
released
jammy
Fixed 1:115.11.0+build2-0ubuntu0.22.04.1
released
focal
Fixed 1:115.11.0+build2-0ubuntu0.20.04.1
released
Common Weakness Enumeration
References
https://bugzilla.mozilla.org/show_bug.cgi?id=1893645
https://lists.debian.org/debian-lts-announce/2024/05/msg00010.html
https://lists.debian.org/debian-lts-announce/2024/05/msg00012.html
https://www.mozilla.org/security/advisories/mfsa2024-21/
https://www.mozilla.org/security/advisories/mfsa2024-22/
https://www.mozilla.org/security/advisories/mfsa2024-23/
http://seclists.org/fulldisclosure/2024/Aug/30
https://bugzilla.mozilla.org/show_bug.cgi?id=1893645
https://codeanlabs.com/blog/research/cve-2024-4367-arbitrary-js-execution-in-pdf-js/
https://github.com/gogs/gogs/issues/7928
https://github.com/mozilla/pdf.js/releases/tag/v4.2.67
https://lists.debian.org/debian-lts-announce/2024/05/msg00010.html
https://lists.debian.org/debian-lts-announce/2024/05/msg00012.html
https://www.exploit-db.com/exploits/52273
https://www.mozilla.org/security/advisories/mfsa2024-21/
https://www.mozilla.org/security/advisories/mfsa2024-22/
https://www.mozilla.org/security/advisories/mfsa2024-23/