Skip to main content

Public advisory of scammers impersonating CSA and the SPF

Stay vigilant. Read the public advisory

Cyber Security Agency of Singapore
  1. Home
  2. Alerts & Advisories
  3. Alerts
  4. High-Severity Vulnerability in Mozilla PDF.js
Alerts

High-Severity Vulnerability in Mozilla PDF.js

28 May 2024

Security researchers have discovered a high-severity vulnerability (CVE-2024-4367) in Mozilla PDF.js. Mozilla PDF.js is a PDF viewer that is built into Mozilla Firefox and is also utilised in various web-based applications for previewing PDF documents.

Successful exploitation of this vulnerability could allow an attacker to remotely execute code via a malicious PDF file.

The vulnerability affects Mozilla PDF.js versions prior to 4.2.67 as well as Mozilla Firefox versions prior to 126. Applications that use vulnerable versions of PDF.js are similarly impacted by the vulnerability.

Users and administrators of affected product versions are advised to update to the latest versions immediately. Developers of JavaScript/Typescript-based applications that handle PDF files are also advised to check for and update any affected versions of PDF.js used in their applications.

More information is available here:

https://codeanlabs.com/blog/research/cve-2024-4367-arbitrary-js-execution-in-pdf-js/

https://www.cisecurity.org/advisory/a-vulnerability-in-mozilla-pdfjs-could-allow-for-arbitrary-code-execution_2024-046

Back to top