CVE-2024-4367

EPSS 37.17%
Veröffentlicht 14.05.2024 18:15:12
Zuletzt bearbeitet 24.04.2025 19:15:46
Quelle security@mozilla.org
Teams Watchlist Login
Unerledigt Login

A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the PDF.js context. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 14

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Mozilla ≫ Firefox SwEditionesr Version < 115.11.0

Mozilla ≫ Firefox SwEdition- Version < 126.0

Mozilla ≫ Thunderbird Version < 115.11.0

Debian ≫ Debian Linux Version10.0

Open-xchange ≫ Open-xchange Appsuite Frontend Version < 7.10.6

Open-xchange ≫ Open-xchange Appsuite Frontend Version7.10.6 Update-

Open-xchange ≫ Open-xchange Appsuite Frontend Version7.10.6 Updaterevision10

Open-xchange ≫ Open-xchange Appsuite Frontend Version7.10.6 Updaterevision11

Open-xchange ≫ Open-xchange Appsuite Frontend Version7.10.6 Updaterevision12

Open-xchange ≫ Open-xchange Appsuite Frontend Version7.10.6 Updaterevision13

Open-xchange ≫ Open-xchange Appsuite Frontend Version7.10.6 Updaterevision14

Open-xchange ≫ Open-xchange Appsuite Frontend Version7.10.6 Updaterevision15

Open-xchange ≫ Open-xchange Appsuite Frontend Version7.10.6 Updaterevision16

Open-xchange ≫ Open-xchange Appsuite Frontend Version7.10.6 Updaterevision17

Open-xchange ≫ Open-xchange Appsuite Frontend Version7.10.6 Updaterevision18

Open-xchange ≫ Open-xchange Appsuite Frontend Version7.10.6 Updaterevision19

Open-xchange ≫ Open-xchange Appsuite Frontend Version7.10.6 Updaterevision20

Open-xchange ≫ Open-xchange Appsuite Frontend Version7.10.6 Updaterevision21

Open-xchange ≫ Open-xchange Appsuite Frontend Version7.10.6 Updaterevision22

Open-xchange ≫ Open-xchange Appsuite Frontend Version7.10.6 Updaterevision23

Open-xchange ≫ Open-xchange Appsuite Frontend Version7.10.6 Updaterevision24

Open-xchange ≫ Open-xchange Appsuite Frontend Version7.10.6 Updaterevision25

Open-xchange ≫ Open-xchange Appsuite Frontend Version7.10.6 Updaterevision26

Open-xchange ≫ Open-xchange Appsuite Frontend Version7.10.6 Updaterevision27

Open-xchange ≫ Open-xchange Appsuite Frontend Version7.10.6 Updaterevision28

Open-xchange ≫ Open-xchange Appsuite Frontend Version7.10.6 Updaterevision29

Open-xchange ≫ Open-xchange Appsuite Frontend Version7.10.6 Updaterevision3

Open-xchange ≫ Open-xchange Appsuite Frontend Version7.10.6 Updaterevision30

Open-xchange ≫ Open-xchange Appsuite Frontend Version7.10.6 Updaterevision31

Open-xchange ≫ Open-xchange Appsuite Frontend Version7.10.6 Updaterevision32

Open-xchange ≫ Open-xchange Appsuite Frontend Version7.10.6 Updaterevision33

Open-xchange ≫ Open-xchange Appsuite Frontend Version7.10.6 Updaterevision34

Open-xchange ≫ Open-xchange Appsuite Frontend Version7.10.6 Updaterevision35

Open-xchange ≫ Open-xchange Appsuite Frontend Version7.10.6 Updaterevision36

Open-xchange ≫ Open-xchange Appsuite Frontend Version7.10.6 Updaterevision37

Open-xchange ≫ Open-xchange Appsuite Frontend Version7.10.6 Updaterevision38

Open-xchange ≫ Open-xchange Appsuite Frontend Version7.10.6 Updaterevision39

Open-xchange ≫ Open-xchange Appsuite Frontend Version7.10.6 Updaterevision4

Open-xchange ≫ Open-xchange Appsuite Frontend Version7.10.6 Updaterevision40

Open-xchange ≫ Open-xchange Appsuite Frontend Version7.10.6 Updaterevision41

Open-xchange ≫ Open-xchange Appsuite Frontend Version7.10.6 Updaterevision42

Open-xchange ≫ Open-xchange Appsuite Frontend Version7.10.6 Updaterevision43

Open-xchange ≫ Open-xchange Appsuite Frontend Version7.10.6 Updaterevision44

Open-xchange ≫ Open-xchange Appsuite Frontend Version7.10.6 Updaterevision5

Open-xchange ≫ Open-xchange Appsuite Frontend Version7.10.6 Updaterevision6

Open-xchange ≫ Open-xchange Appsuite Frontend Version7.10.6 Updaterevision7

Open-xchange ≫ Open-xchange Appsuite Frontend Version7.10.6 Updaterevision8

Open-xchange ≫ Open-xchange Appsuite Frontend Version7.10.6 Updaterevision9

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	37.17%	0.97

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	8.8	2.8	5.9	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
134c704f-9b21-4f2e-91b3-4a467353bcc0	5.6	2.2	3.4	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L

CWE-754 Improper Check for Unusual or Exceptional Conditions

The product does not check or incorrectly checks for unusual or exceptional conditions that are not expected to occur frequently during day to day operation of the product.

https://bugzilla.mozilla.org/show_bug.cgi?id=1893645

Issue Tracking

https://lists.debian.org/debian-lts-announce/2024/05/msg00010.html

Mailing List

https://lists.debian.org/debian-lts-announce/2024/05/msg00012.html

Mailing List

https://www.mozilla.org/security/advisories/mfsa2024-21/

Vendor Advisory

https://www.mozilla.org/security/advisories/mfsa2024-22/

Vendor Advisory

https://www.mozilla.org/security/advisories/mfsa2024-23/

Vendor Advisory