Entreprise d'experts en Sécurité Informatique : Audits et conseils en cybersécurité
Entreprise française de cybersécurité depuis 2004
☎ 03 60 47 09 81 - info@securiteinfo.com


CVE-2024-4367

Description

A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the PDF.js context. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11.

POC

Reference

- http://seclists.org/fulldisclosure/2024/Aug/30

- https://bugzilla.mozilla.org/show_bug.cgi?id=1893645

- https://github.com/gogs/gogs/issues/7928

- https://www.exploit-db.com/exploits/52273

Github

- https://github.com/0xr2r/CVE-2024-4367

- https://github.com/1337rokudenashi/Odoo_PDFjs_CVE-2024-4367.pdf

- https://github.com/ARPSyndicate/cve-scores

- https://github.com/AazafRitha/bug-bounty-reports

- https://github.com/BektiHandoyo/cve-pdf-host

- https://github.com/Bhavyakcwestern/Hacking-pdf.js-vulnerability

- https://github.com/GhostTroops/TOP

- https://github.com/J1ezds/Vulnerability-Wiki-page

- https://github.com/LOURC0D3/CVE-2024-4367-PoC

- https://github.com/Masamuneee/CVE-2024-4367-Analysis

- https://github.com/MihranGIT/POC_CVE-2024-4367

- https://github.com/PenguinCabinet/CVE-2024-4367-hands-on

- https://github.com/PuddinCat/GithubRepoSpider

- https://github.com/Scivous/CVE-2024-4367-npm

- https://github.com/Threekiii/Awesome-POC

- https://github.com/UnHackerEnCapital/PDFernetRemotelo

- https://github.com/VVeakee/CVE-2024-4367

- https://github.com/XiaomingX/awesome-poc-for-red-team

- https://github.com/Zombie-Kaiser/cve-2024-4367-PoC-fixed

- https://github.com/ahmad-kabiri/CVE-2024-4367-PoC

- https://github.com/alecdhuse/Lantern-Shark

- https://github.com/avalahEE/pdfjs_disable_eval

- https://github.com/clarkio/pdfjs-vuln-demo

- https://github.com/elamani-drawing/CVE-2024-4367-POC-PDFJS

- https://github.com/exfil0/WEAPONIZING-CVE-2024-4367

- https://github.com/google/fishy-pdf

- https://github.com/hellomipl/mipl-pdf-viewer

- https://github.com/inpentest/CVE-2024-4367-PoC

- https://github.com/kabiri-labs/CVE-2024-4367-PoC

- https://github.com/klausnitzer/pentest-pdf-collection

- https://github.com/m0d0ri205/PDFJS

- https://github.com/nomi-sec/PoC-in-GitHub

- https://github.com/pS3ud0RAnD0m/cve-2024-4367-poc

- https://github.com/pedrochalegre7/CVE-2024-4367-pdf-sample

- https://github.com/plzheheplztrying/cve_monitor

- https://github.com/rjm521/hdfs-dashboard

- https://github.com/romanbelaire/notebook

- https://github.com/rzte/pdf-exploit

- https://github.com/s4vvysec/CVE-2024-4367-POC

- https://github.com/snyk-labs/pdfjs-vuln-demo

- https://github.com/spaceraccoon/detect-cve-2024-4367

- https://github.com/tanjiti/sec_profile

- https://github.com/zgimszhd61/openai-sec-test-cve-quickstart

- https://github.com/zulloper/cve-poc