CVE-2024-4367 PoC — Mozilla Firefox 安全漏洞

Source

https://github.com/0xr2r/CVE-2024-4367

Associated Vulnerability

Title:Mozilla Firefox 安全漏洞 (CVE-2024-4367)
Description:A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the PDF.js context. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11.

Readme

# CVE-2024-4367 POC


## Usage

```bash
python poc.py mal.pdf "alert\('0xr2r')"
```




## References

- [CVE-2024-4367: Arbitrary JS Execution in PDF.js](https://codeanlabs.com/blog/research/cve-2024-4367-arbitrary-js-execution-in-pdf-js/)
- [PDF.js](https://github.com/mozilla/pdf.js/security/advisories/GHSA-wgrm-67xf-hhpq)
- [POC](https://www.youtube.com/watch?v=VxgEYQyx5EU)




## scaner

- [templates](https://github.com/0xr2r/templates-nucleir2r/blob/main/CVE-2024-4367.yaml)
- 
![لقطة الشاشة 2025-08-22 085852](https://github.com/user-attachments/assets/e0ce9cf3-ea19-48d5-ab9f-bb92865fd89d)

File Snapshot


 [4.0K]  /data/pocs/ab997b4c35cdec5d779c3d16415a6b1fec821835
├── [2.3K]  CVE-2024-4367.py
├── [1.8K]  mali.pdf
└── [ 611]  README.md

0 directories, 3 files

Shenlong Bot has cached this for you

Remarks

1. It is advised to access via the original source first.

2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.

View subscription plans →