CVE-2024-4367 PoC — Mozilla Firefox 安全漏洞

Source

https://github.com/0xr2r/CVE-2024-4367

Associated Vulnerability

Title:Mozilla Firefox 安全漏洞 (CVE-2024-4367)
Description:Mozilla Firefox是美国Mozilla基金会的一款开源Web浏览器。 Mozilla Firefox 126 版本之前存在安全漏洞，该漏洞源于处理 PDF.js 中的字体时缺少类型检查，这将允许在 PDF.js 环境中执行任意 JavaScript。

Readme

# CVE-2024-4367 POC


## Usage

```bash
python poc.py mal.pdf "alert\('0xr2r')"
```




## References

- [CVE-2024-4367: Arbitrary JS Execution in PDF.js](https://codeanlabs.com/blog/research/cve-2024-4367-arbitrary-js-execution-in-pdf-js/)
- [PDF.js](https://github.com/mozilla/pdf.js/security/advisories/GHSA-wgrm-67xf-hhpq)
- [POC](https://www.youtube.com/watch?v=VxgEYQyx5EU)




## scaner

- [templates](https://github.com/0xr2r/templates-nucleir2r/blob/main/CVE-2024-4367.yaml)
- 
![لقطة الشاشة 2025-08-22 085852](https://github.com/user-attachments/assets/e0ce9cf3-ea19-48d5-ab9f-bb92865fd89d)

File Snapshot


 [4.0K]  /data/pocs/ab997b4c35cdec5d779c3d16415a6b1fec821835
├── [2.3K]  CVE-2024-4367.py
├── [1.8K]  mali.pdf
└── [ 611]  README.md

0 directories, 3 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. If the original source is unavailable, please email f.jinxu#gmail.com for a local snapshot (replace # with @).

3. Shenlong has snapshotted the POC code for you. To support long-term maintenance, please consider donating. Thank you for your support.