suse · CVE-2024-4367

Quick triage

Priority: high Published: 2024-05-14 23:12:36 UTC Updated: 2026-03-05 02:59:15 UTC

View at Official suse advisory, NVD, CVE.org · CVE detail

Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.

Tracker summary

CVE-2024-4367 severity important: SUSE including 36 source package names (MozillaFirefox-115.11.0-112.212.1, MozillaFirefox-115.11.0-150200.152.137.2, …), 152 product×package rows across 53 product lines (Container suse/kiosk/firefox-esr, Image SLES12-SP5-SAP-Azure-LI-BYOS-Production, … (53 product lines)): Fixed 152.

Description:

A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the PDF.js context. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11.

cvelogic Threat Intelligence