tags: pdf.js, XSS, electron
original link: CVE-2024-4367: Arbitrary JavaScript execution in PDF.js
newsletter link: exploits.club Weekly Newsletter 22
Exploits Club Summary:
Okay, that's lots of Chrome bugs…tired of reading JS yet? Well too bad, because Codean Labs is coming with an interesting vulnerability in PDF.js, the pdf viewer maintained by Mozilla and used in Firefox. The core vulnerability stems from a missing type check in the Glyph rendering code. For applications that embed PDF.js, the result is an XSS on the domain the PDF is viewed. For non-sandboxed electron apps…yikes.