arbitrary code execution in PDF.js.
a malicious PDF can execute arbitrary JS as soon as it's opened in Firefox.
codeanlabs.com/blog/research/cā¦
CVE-2024-4367 - Arbitrary JavaScript execution in PDF.js ā Codean Labs
A vulnerability in PDF.js found by Codean Labs. PDF.js is a JavaScript-based PDF viewer maintained by Mozilla. This bug allows an attacker to execute arbitrary JavaScript code as soon as a malicious PDF file is opened.Thomas Rinsma (Codean Labs)
This entry was edited (1 year ago)