8.8
CVE-2024-4367
- EPSS 32.6%
- Published 14.05.2024 18:15:12
- Last modified 24.04.2025 19:15:46
- Source security@mozilla.org
PDF.js < 4.2.67 - Arbitrary JavaScript Execution
A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the PDF.js context. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11.
Possible mitigation
Dear Flipbook – PDF Flipbook, 3D Flipbook, PDF embed, PDF viewer: Update to version 1.15.6, or a newer patched version
ARI Fancy Lightbox – Popup for WordPress: Update to version 1.3.15, or a newer patched version
BSK PDF Manager: Update to version 3.6.1, or a newer patched version
EmbedPress – PDF Embedder, Embed YouTube Videos, 3D FlipBook, Social feeds, Docs & more: Update to version 4.0.3, or a newer patched version
PDF Embedder: Update to version 4.8.0, or a newer patched version
PDF Poster – Display PDF Files with Custom Viewer: Update to version 2.1.22, or a newer patched version
PDF Viewer for Elementor: No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.
PDF viewer for Elementor & Gutenberg: No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.
PDF.js Viewer: Update to version 2.2, or a newer patched version
Tainacan: Update to version 0.21.6, or a newer patched version
Wonder PDF Embed: Update to version 2.8, or a newer patched version
Further vulnerability information
| System | Product | Version |
|---|---|---|
| WordPress Plugin | Dear Flipbook – PDF Flipbook, 3D Flipbook, PDF embed, PDF viewer | * - 1.15.5 |
| WordPress Plugin | ARI Fancy Lightbox – Popup for WordPress | * - 1.3.14 |
| WordPress Plugin | BSK PDF Manager | * - 3.6 |
| WordPress Plugin | EmbedPress – PDF Embedder, Embed YouTube Videos, 3D FlipBook, Social feeds, Docs & more | * - 4.0.2 |
| WordPress Plugin | PDF Embedder | * - 4.7.1 |
| WordPress Plugin | PDF Poster – Display PDF Files with Custom Viewer | * - 2.1.21 |
| WordPress Plugin | PDF Viewer for Elementor | * - 2.9.3 |
| WordPress Plugin | PDF viewer for Elementor & Gutenberg | * - 1.3.2 |
| WordPress Plugin | PDF.js Viewer | * - 2.1.8.1 |
| WordPress Plugin | Tainacan | * - 0.21.5 |
| WordPress Plugin | Wonder PDF Embed | * - 2.7 |
Data provided by the National Vulnerability Database (NVD)
Mozilla ≫ Thunderbird Version < 115.11.0
Debian ≫ Debian Linux Version 10.0
Open-xchange ≫ Open-xchange Appsuite Frontend Version < 7.10.6
Open-xchange ≫ Open-xchange Appsuite Frontend Version 7.10.6 Update -
Open-xchange ≫ Open-xchange Appsuite Frontend Version 7.10.6 Update revision10
Open-xchange ≫ Open-xchange Appsuite Frontend Version 7.10.6 Update revision11
Open-xchange ≫ Open-xchange Appsuite Frontend Version 7.10.6 Update revision12
Open-xchange ≫ Open-xchange Appsuite Frontend Version 7.10.6 Update revision13
Open-xchange ≫ Open-xchange Appsuite Frontend Version 7.10.6 Update revision14
Open-xchange ≫ Open-xchange Appsuite Frontend Version 7.10.6 Update revision15
Open-xchange ≫ Open-xchange Appsuite Frontend Version 7.10.6 Update revision16
Open-xchange ≫ Open-xchange Appsuite Frontend Version 7.10.6 Update revision17
Open-xchange ≫ Open-xchange Appsuite Frontend Version 7.10.6 Update revision18
Open-xchange ≫ Open-xchange Appsuite Frontend Version 7.10.6 Update revision19
Open-xchange ≫ Open-xchange Appsuite Frontend Version 7.10.6 Update revision20
Open-xchange ≫ Open-xchange Appsuite Frontend Version 7.10.6 Update revision21
Open-xchange ≫ Open-xchange Appsuite Frontend Version 7.10.6 Update revision22
Open-xchange ≫ Open-xchange Appsuite Frontend Version 7.10.6 Update revision23
Open-xchange ≫ Open-xchange Appsuite Frontend Version 7.10.6 Update revision24
Open-xchange ≫ Open-xchange Appsuite Frontend Version 7.10.6 Update revision25
Open-xchange ≫ Open-xchange Appsuite Frontend Version 7.10.6 Update revision26
Open-xchange ≫ Open-xchange Appsuite Frontend Version 7.10.6 Update revision27
Open-xchange ≫ Open-xchange Appsuite Frontend Version 7.10.6 Update revision28
Open-xchange ≫ Open-xchange Appsuite Frontend Version 7.10.6 Update revision29
Open-xchange ≫ Open-xchange Appsuite Frontend Version 7.10.6 Update revision3
Open-xchange ≫ Open-xchange Appsuite Frontend Version 7.10.6 Update revision30
Open-xchange ≫ Open-xchange Appsuite Frontend Version 7.10.6 Update revision31
Open-xchange ≫ Open-xchange Appsuite Frontend Version 7.10.6 Update revision32
Open-xchange ≫ Open-xchange Appsuite Frontend Version 7.10.6 Update revision33
Open-xchange ≫ Open-xchange Appsuite Frontend Version 7.10.6 Update revision34
Open-xchange ≫ Open-xchange Appsuite Frontend Version 7.10.6 Update revision35
Open-xchange ≫ Open-xchange Appsuite Frontend Version 7.10.6 Update revision36
Open-xchange ≫ Open-xchange Appsuite Frontend Version 7.10.6 Update revision37
Open-xchange ≫ Open-xchange Appsuite Frontend Version 7.10.6 Update revision38
Open-xchange ≫ Open-xchange Appsuite Frontend Version 7.10.6 Update revision39
Open-xchange ≫ Open-xchange Appsuite Frontend Version 7.10.6 Update revision4
Open-xchange ≫ Open-xchange Appsuite Frontend Version 7.10.6 Update revision40
Open-xchange ≫ Open-xchange Appsuite Frontend Version 7.10.6 Update revision41
Open-xchange ≫ Open-xchange Appsuite Frontend Version 7.10.6 Update revision42
Open-xchange ≫ Open-xchange Appsuite Frontend Version 7.10.6 Update revision43
Open-xchange ≫ Open-xchange Appsuite Frontend Version 7.10.6 Update revision44
Open-xchange ≫ Open-xchange Appsuite Frontend Version 7.10.6 Update revision5
Open-xchange ≫ Open-xchange Appsuite Frontend Version 7.10.6 Update revision6
Open-xchange ≫ Open-xchange Appsuite Frontend Version 7.10.6 Update revision7
Open-xchange ≫ Open-xchange Appsuite Frontend Version 7.10.6 Update revision8
Open-xchange ≫ Open-xchange Appsuite Frontend Version 7.10.6 Update revision9
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 32.6% | 0.967 |

| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.8 | 2.8 | 5.9 | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| 134c704f-9b21-4f2e-91b3-4a467353bcc0 | 5.6 | 2.2 | 3.4 | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L |
CWE-754 Improper Check for Unusual or Exceptional Conditions
The product does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the product.