I. Basic Information for CVE-2024-4367
Vulnerability Information

Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the PDF.js context. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
Mozilla Firefox Security Vulnerability
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
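Mozilla Firefox is an open-source web browser from the Mozilla Foundation of the United States. Mozilla Firefox versions before 126 contain a security vulnerability caused by a missing type check when handling fonts in PDF.js, which allows arbitrary JavaScript execution in the PDF.js context.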
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE |
|---|---|---|---|
| Mozilla | Firefox | unspecified ~ 126 | - |
| Mozilla | Firefox ESR | unspecified ~ 115.11 | - |
| Mozilla | Thunderbird | unspecified ~ 115.11 | - |
II. Public POCs for CVE-2024-4367
| # | POC Description | Source Link |
|---|---|---|
| 1 | CVE-2024-4367 & CVE-2024-34342 Proof of Concept | https://github.com/LOURC0D3/CVE-2024-4367-PoC |
| 2 | CVE-2024-4367 arbitrary js execution in pdf js | https://github.com/s4vvysec/CVE-2024-4367-POC |
| 3 | YARA detection rule for CVE-2024-4367 arbitrary javascript execution in PDF.js | https://github.com/spaceraccoon/detect-cve-2024-4367 |
| 4 | CVE-2024-4367 mitigation for Odoo 14.0 | https://github.com/avalahEE/pdfjs_disable_eval |
| 5 | This project is intended to serve as a proof of concept to demonstrate exploiting the vulnerability in the PDF.js (pdfjs-dist) library reported in CVE-2024-4367 | https://github.com/clarkio/pdfjs-vuln-demo |
| 6 | PDF.js is a JavaScript-based PDF viewer maintained by Mozilla. This vulnerability allows an attacker to execute arbitrary JavaScript code as soon as a malicious PDF file is opened. This affects all Firefox users (<126), because Firefox uses PDF.js to display PDF files, but it also seriously affects many web-based and Electron-based applications that (indirectly) use PDF.js for preview functionality. | https://github.com/Zombie-Kaiser/cve-2024-4367-PoC-fixed |
| 7 | This project is intended to serve as a proof of concept to demonstrate exploiting the vulnerability in the PDF.js (pdfjs-dist) library reported in CVE-2024-4367 | https://github.com/snyk-labs/pdfjs-vuln-demo |
| 8 | PoC - Proof of Concept of CVE-2024-4367 together with CVE-2023-38831 in a single script | https://github.com/UnHackerEnCapital/PDFernetRemotelo |
| 9 | CVE-2024-4367 reproduction | https://github.com/Scivous/CVE-2024-4367-npm |
| 10 | None | https://github.com/Masamuneee/CVE-2024-4367-Analysis |
| 11 | None | https://github.com/pedrochalegre7/CVE-2024-4367-pdf-sample |
| 12 | CVE-2024-4367 is a critical vulnerability (CVSS 9.8) in PDF.js, allowing arbitrary JavaScript code execution due to insufficient type checks on the FontMatrix object within PDF files. | https://github.com/exfil0/WEAPONIZING-CVE-2024-4367 |
| 13 | This Proof of Concept (PoC) demonstrates the exploitation of the CVE-2024-4367 vulnerability, which involves Cross-Site Scripting (XSS) attacks. | https://github.com/inpentest/CVE-2024-4367-PoC |
| 14 | None | https://github.com/elamani-drawing/CVE-2024-4367-POC-PDFJS |
| 15 | None | https://github.com/VVeakee/CVE-2024-4367 |
| 16 | PDF host for CVE-2024-4367 | https://github.com/BektiHandoyo/cve-pdf-host |
| 17 | None | https://github.com/Threekiii/Awesome-POC/blob/master/Web%E5%BA%94%E7%94%A8%E6%BC%8F%E6%B4%9E/PDF.js%20%E4%BB%BB%E6%84%8F%20JavaScript%20%E4%BB%A3%E7%A0%81%E6%89%A7%E8%A1%8C%20CVE-2024-4367.md |
| 18 | | https://github.com/vulhub/vulhub/blob/master/pdfjs/CVE-2024-4367/README.md |
| 19 | CVE-2024-4367 | https://github.com/Bhavyakcwestern/Hacking-pdf.js-vulnerability |
| 20 | None | https://github.com/PenguinCabinet/CVE-2024-4367-hands-on |
| 21 | POC for PDF JS' CVE-2024-4367 vuln | https://github.com/pS3ud0RAnD0m/cve-2024-4367-poc |
| 22 | POC | https://github.com/MihranGIT/POC_CVE-2024-4367 |
| 23 | None | https://github.com/MihranGIT/CVE-2024-4367 |
| 24 | wargame, CVE-2024-4367 | https://github.com/m0d0ri205/PDFJS |
| 25 | This Proof of Concept (PoC) demonstrates the exploitation of the CVE-2024-4367 vulnerability, which involves Cross-Site Scripting (XSS) attacks. | https://github.com/ahmad-kabiri/CVE-2024-4367-PoC |
| 26 | None | https://github.com/0xr2r/CVE-2024-4367 |
| 27 | Odoo ≤17 is vulnerable to CVE-2024-4367, allowing arbitrary JavaScript execution via PDF.js. | https://github.com/1337rokudenashi/Odoo_PDFjs_CVE-2024-4367.pdf |
| 28 | This Proof of Concept (PoC) demonstrates the exploitation of the CVE-2024-4367 vulnerability, which involves Cross-Site Scripting (XSS) attacks. | https://github.com/kabiri-labs/CVE-2024-4367-PoC |