CVE-2024-4367 in PDF.js Allows JavaScript Execution, Potentially Affecting Millions of Websites: Update Now | allinfosecnews.com

May 21, 2024, 11:45 a.m. | MalBot

Malware Analysis, News and Indicators - Latest topics malware.news

CVE-2024-4367 in PDF.js Allows JavaScript Execution, Potentially Affecting Millions of Websites: Update Now

Security experts identified a significant vulnerability in PDF.js, a widely used JavaScript library for displaying PDF documents in web browsers, which is actively maintained by Mozilla.

Aside from being an integral component of web browsers like Firefox, PDF.js is also distributed as a module on NPM (Node Package Manager) under the name pdfjs-dist, receiving nearly 2.8 million weekly downloads.

PDF.js (pdjs-dist) on NPM

Although a fixed …

browsers cve cve-2024 documents experts javascript library millions mozilla pdf pdf.js security security experts update update now vulnerability web web browsers websites

More from malware.news / Malware Analysis, News and Indicators - Latest topics

Malicious Life Podcast: Section 230: The Law that Makes Social Media Great, and Terrible 59 minutes ago | malware.news

complexities debates episode great +11

Cofense Adds Email Security Risk Management and Validation Reporting to PhishMe® an hour ago | malware.news

addition allies and response awareness +35

Sophos Provides Progress on its Pledge to CISA’s Secure by Design Initiative an hour ago | malware.news

article cisa design framework +10

L’infostealer 0bj3ctivity è tornato in azione an hour ago | malware.news

article cert infostealer link +1

Programmatic Internet Connection Sharing an hour ago | malware.news

code current dll gateway +5

Critical MOVEit Authentication Bypass Flaws Fixed an hour ago | malware.news

authentication authentication bypass bypass critical +22

Chinese APT Moves to Ransomware in Some Intrusions an hour ago | malware.news

apt attacks brazil chinese +12

Cyber Insurance and Cyber Defenses 2024: Lessons from IT and Cybersecurity Leaders 2 hours ago | malware.news

access article cyber cyber coverage +15

Protocol Tunneling: Tools and Techniques 2 hours ago | malware.news

article link protocol reliaquest +4

Information Technology Specialist I: Windows Engineer

@ Los Angeles County Employees Retirement Association (LACERA) | Pasadena, California

View on infosec-jobs.com

Information Technology Specialist I, LACERA: Information Security Engineer

@ Los Angeles County Employees Retirement Association (LACERA) | Pasadena, CA

View on infosec-jobs.com

Vice President, Controls Design & Development-7

@ State Street | Quincy, Massachusetts

View on infosec-jobs.com

Vice President, Controls Design & Development-5

@ State Street | Quincy, Massachusetts

View on infosec-jobs.com

Data Scientist & AI Prompt Engineer

@ Varonis | Israel

View on infosec-jobs.com

Contractor

@ Birlasoft | INDIA - MUMBAI - BIRLASOFT OFFICE, IN

View on infosec-jobs.com