Masamuneee/CVE-2024-4367-Analysis

CVE-2024-4367: Arbitrary JavaScript Execution in PDF.js

Overview

CVE-2024-4367 is a critical vulnerability in the PDF.js library that allows arbitrary JavaScript execution in a user's browser, leading to Cross-Site Scripting (XSS) attacks. This affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11.

Usage

With Node, in /app:

    npm install
    npm start

PoC

  • python3 poc.py <payload>
  • Example: python3 poc.py "alert(1)"

Demo Videos

Mitigation

  • Update PDF.js to a version higher than 4.1.392.
  • Ensure your Firefox, Firefox ESR, or Thunderbird is up-to-date with the latest security patches.
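
One way to check the first mitigation in a Node project, as an added example that is not part of this repository. It assumes PDF.js is installed through the npm package pdfjs-dist and that the lockfile has the "packages" map written by npm 7 and later; the function names, the sample lockfile and the dependency names in it are constructed for illustration.

```javascript
// Added example (not from the repository): flag pdfjs-dist copies in a parsed
// package-lock.json that are not newer than the version named under Mitigation.
const LAST_VULNERABLE = "4.1.392"; // page: update to a version higher than this

// Parse "major.minor.patch" into numbers; a pre-release/build suffix is ignored.
function parseVersion(v) {
  const m = /^v?(\d+)\.(\d+)\.(\d+)/.exec(String(v));
  return m ? m.slice(1).map(Number) : null;
}

// Numeric comparison of two version strings: returns -1, 0 or 1.
function compareVersions(a, b) {
  const pa = parseVersion(a), pb = parseVersion(b);
  if (!pa || !pb) throw new Error(`unparseable version: ${a} / ${b}`);
  for (let i = 0; i < 3; i++) {
    if (pa[i] !== pb[i]) return pa[i] < pb[i] ? -1 : 1;
  }
  return 0;
}

// Walk the lockfile's "packages" map and report every copy of the package,
// including nested copies pulled in by other dependencies.
// Assumption: PDF.js is installed as the npm package "pdfjs-dist".
function findPdfjs(lock, pkgName = "pdfjs-dist") {
  const findings = [];
  for (const [path, meta] of Object.entries(lock.packages || {})) {
    if (!path.endsWith("node_modules/" + pkgName)) continue;
    // An unparseable version is flagged for review instead of being passed.
    const vulnerable = parseVersion(meta.version) === null ||
      compareVersions(meta.version, LAST_VULNERABLE) <= 0;
    findings.push({ path, version: meta.version, vulnerable });
  }
  return findings;
}

// Constructed sample lockfile; the dependency names other than pdfjs-dist are hypothetical.
const sampleLock = {
  lockfileVersion: 3,
  packages: {
    "": { name: "app", version: "1.0.0" },
    "node_modules/pdfjs-dist": { version: "4.2.67" },
    "node_modules/example-viewer/node_modules/pdfjs-dist": { version: "4.1.392" },
    "node_modules/legacy-reader/node_modules/pdfjs-dist": { version: "3.11.174" },
    "node_modules/pdfjs-dist-helper": { version: "1.0.0" },
  },
};

for (const f of findPdfjs(sampleLock)) {
  console.log(`${f.vulnerable ? "UPDATE" : "ok    "}  ${f.version}  ${f.path}`);
}
```

To run it against a real project, pass the parsed contents of its package-lock.json to findPdfjs; nested copies matter because a top-level update does not replace a copy pinned by another dependency.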

Detailed Analysis

For a comprehensive analysis of CVE-2024-4367, read here.

PoC references
