CVE-2024-4367

A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the PDF.js context. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11.

Published: May 14, 2024
Updated: Apr 30, 2025
CVE: CVE-2024-4367
GHSA: GHSA-wgrm-67xf-hhpq
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 8.8
AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
pdfjs-dist	-	4.2.67
mozilla / firefox	-	126.0
mozilla / thunderbird	-	115.11.0
mozilla / firefox	-	115.11.0
debian / debian_linux	10.0	10.0.x
open-xchange / open-xchange_appsuite_frontend	-	7.10.6
open-xchange / open-xchange_appsuite_frontend	7.10.6	7.10.6.x
open-xchange / open-xchange_appsuite_frontend	7.10.6-revision3	7.10.6-revision3.x
open-xchange / open-xchange_appsuite_frontend	7.10.6-revision4	7.10.6-revision4.x
open-xchange / open-xchange_appsuite_frontend	7.10.6-revision5	7.10.6-revision5.x
open-xchange / open-xchange_appsuite_frontend	7.10.6-revision6	7.10.6-revision6.x
open-xchange / open-xchange_appsuite_frontend	7.10.6-revision7	7.10.6-revision7.x
open-xchange / open-xchange_appsuite_frontend	7.10.6-revision8	7.10.6-revision8.x
open-xchange / open-xchange_appsuite_frontend	7.10.6-revision9	7.10.6-revision9.x
open-xchange / open-xchange_appsuite_frontend	7.10.6-revision10	7.10.6-revision10.x
open-xchange / open-xchange_appsuite_frontend	7.10.6-revision11	7.10.6-revision11.x
open-xchange / open-xchange_appsuite_frontend	7.10.6-revision12	7.10.6-revision12.x
open-xchange / open-xchange_appsuite_frontend	7.10.6-revision13	7.10.6-revision13.x
open-xchange / open-xchange_appsuite_frontend	7.10.6-revision14	7.10.6-revision14.x
open-xchange / open-xchange_appsuite_frontend	7.10.6-revision15	7.10.6-revision15.x
open-xchange / open-xchange_appsuite_frontend	7.10.6-revision16	7.10.6-revision16.x
open-xchange / open-xchange_appsuite_frontend	7.10.6-revision17	7.10.6-revision17.x
open-xchange / open-xchange_appsuite_frontend	7.10.6-revision18	7.10.6-revision18.x
open-xchange / open-xchange_appsuite_frontend	7.10.6-revision19	7.10.6-revision19.x
open-xchange / open-xchange_appsuite_frontend	7.10.6-revision20	7.10.6-revision20.x
open-xchange / open-xchange_appsuite_frontend	7.10.6-revision21	7.10.6-revision21.x
open-xchange / open-xchange_appsuite_frontend	7.10.6-revision22	7.10.6-revision22.x
open-xchange / open-xchange_appsuite_frontend	7.10.6-revision23	7.10.6-revision23.x
open-xchange / open-xchange_appsuite_frontend	7.10.6-revision24	7.10.6-revision24.x
open-xchange / open-xchange_appsuite_frontend	7.10.6-revision25	7.10.6-revision25.x
open-xchange / open-xchange_appsuite_frontend	7.10.6-revision26	7.10.6-revision26.x
open-xchange / open-xchange_appsuite_frontend	7.10.6-revision27	7.10.6-revision27.x
open-xchange / open-xchange_appsuite_frontend	7.10.6-revision28	7.10.6-revision28.x
open-xchange / open-xchange_appsuite_frontend	7.10.6-revision29	7.10.6-revision29.x
open-xchange / open-xchange_appsuite_frontend	7.10.6-revision30	7.10.6-revision30.x
open-xchange / open-xchange_appsuite_frontend	7.10.6-revision31	7.10.6-revision31.x
open-xchange / open-xchange_appsuite_frontend	7.10.6-revision32	7.10.6-revision32.x
open-xchange / open-xchange_appsuite_frontend	7.10.6-revision33	7.10.6-revision33.x
open-xchange / open-xchange_appsuite_frontend	7.10.6-revision34	7.10.6-revision34.x
open-xchange / open-xchange_appsuite_frontend	7.10.6-revision35	7.10.6-revision35.x
open-xchange / open-xchange_appsuite_frontend	7.10.6-revision36	7.10.6-revision36.x
open-xchange / open-xchange_appsuite_frontend	7.10.6-revision37	7.10.6-revision37.x
open-xchange / open-xchange_appsuite_frontend	7.10.6-revision38	7.10.6-revision38.x
open-xchange / open-xchange_appsuite_frontend	7.10.6-revision39	7.10.6-revision39.x
open-xchange / open-xchange_appsuite_frontend	7.10.6-revision40	7.10.6-revision40.x
open-xchange / open-xchange_appsuite_frontend	7.10.6-revision41	7.10.6-revision41.x
open-xchange / open-xchange_appsuite_frontend	7.10.6-revision42	7.10.6-revision42.x
open-xchange / open-xchange_appsuite_frontend	7.10.6-revision43	7.10.6-revision43.x
open-xchange / open-xchange_appsuite_frontend	7.10.6-revision44	7.10.6-revision44.x

Vulnerability Database

289,599

CVE-2024-4367