This post details CVE-2024-4367, a vulnerability in PDF.js found by Codean Labs. PDF.js is a JavaScript-based PDF viewer maintained by Mozilla. This bug allows an attacker to execute arbitrary JavaScript code as soon as a malicious PDF file is opened. This affects all Firefox users (<126) because PDF.js is used by Firefox to show PDF files, but also seriously impacts many web- and Electron-based a
![CVE-2024-4367 - Arbitrary JavaScript execution in PDF.js — Codean Labs](https://cdn-ak-scissors.b.st-hatena.com/image/square/54732ee1bb9ee4e92c15d0c4af3c09414ee8c905/height=288;version=1;width=512/https%3A%2F%2Fcodeanlabs.com%2Fwp-content%2Fuploads%2F2024%2F05%2Fpdfjs_header_mid.png)