Mozilla PDF.js Arbitrary Code Execution Vulnerability - 20240508003¶
Overview¶
A vulnerability has been discovered in Mozilla PDF.js could allow for arbitrary code execution. Mozilla PDF.js is a PDF viewer that is built into Mozilla Firefox and can be used by other web browsers.
What is vulnerable?¶
| CVE | Severity | CVSS | Product(s) Affected | Summary | Dated |
|---|---|---|---|---|---|
| CVE-2024-4367 | High | 8.2 | \<= 4.1.392 | N/A | 07/05/2024 |
What has been observed?¶
There is no evidence of exploitation affecting Western Australian Government networks at the time of publishing.
Recommendation¶
The WA SOC recommends administrators apply the solutions as per vendor instructions to all affected devices within expected timeframe of one month... (refer Patch Management):