HIGH 8.8
CVE-2024-4367
A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the PDF.js context. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11.
CVSS v3 CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected mobile apps
Vulnerable CPE configurations
| Vendor | Product | Platform | Versions | CPE 2.3 URI |
|---|---|---|---|---|
| mozilla | firefox | Android | <115.11.0 | cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:* |
| mozilla | firefox | iOS | <115.11.0 | cpe:2.3:a:mozilla:firefox:*:*:*:*:esr:*:*:* |
| mozilla | firefox | Android | <126.0 | cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:* |
| mozilla | firefox | iOS | <126.0 | cpe:2.3:a:mozilla:firefox:*:*:*:*:-:*:*:* |