A critical vulnerability, CVE-2024-4367, has been discovered in PDF.js, a widely used JavaScript-based PDF viewer maintained by Mozilla.
The issue affects all Firefox users with versions below 126 and numerous web and Electron-based applications that utilize PDF.js for PDF preview functionality.
PDF.js is integrated into Firefox as its built-in PDF viewer and is also available as a Node module called pdfjs-dist, which has approximately 2.7 million weekly downloads on NPM.
https://cybersecuritynews.com/poc-relea ... avascript/