{"vulnerability": "CVE-2024-34342", "sightings": [{"uuid": "c604e88c-1abf-49d9-a4e7-a299db53b1f0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-34342", "type": "published-proof-of-concept", "source": "https://t.me/TheDarkWebInformer/368", "content": "\ud83d\udea8POC RELEASED\ud83d\udea8PoC for CVE-2024-4367 & CVE-2024-34342: Arbitrary JavaScript execution in PDF.js\n\n#DarkWeb #Cybersecurity #Security #Cyberattack #Cybercrime #Privacy #Infosec #CVE20244367 #CVE202434342 #Vulnerability \n\nhttps://x.com/DarkWebInformer/status/1793295146588459283", "creation_timestamp": "2024-05-22T18:12:14.000000Z"}, {"uuid": "88c8c8e3-9b7c-47f0-aaac-e5f84e1db949", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-34342", "type": "published-proof-of-concept", "source": "https://t.me/brutsecurity/390", "content": "\ud83d\udea8CVE-2024-4367 & CVE-2024-34342: Arbitrary JavaScript execution in PDF.js \n \n \n \n\ud83d\udc49A type check was missing when handling fonts in PDF.js, which would allow arbitrary JavaScript execution in the PDF.js context. This vulnerability affects Firefox < 126, Firefox ESR < 115.11, and Thunderbird < 115.11. \n \nIf pdf.js is used to load a malicious PDF, and PDF.js is configured with isEvalSupported set to true (which is the default value), unrestricted attacker-controlled JavaScript will be executed in the context of the hosting domain. \n \n \n \n\ud83d\udce2POC: https://www.youtube.com/watch?v=c90_UKJvj_w \n \n\ud83d\udce2POC: https://github.com/LOURC0D3/CVE-2024-4367-PoC", "creation_timestamp": "2024-05-21T10:36:42.000000Z"}, {"uuid": "0a42d558-31ff-4046-a18c-e746819bedda", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "9f56dd64-161d-43a6-b9c3-555944290a09", "vulnerability": "CVE-2024-34342", "type": "published-proof-of-concept", "source": "https://t.me/HackingInsights/173", "content": "\u200aCVE-2024-4367 & CVE-2024-34342: JavaScript Flaws Threaten Millions of PDF.js and React-PDF Users\n\nhttps://securityonline.info/cve-2024-4367-cve-2024-34342-javascript-flaw-threatens-millions-of-pdf-js-and-react-pdf-users/", "creation_timestamp": "2024-05-08T11:25:59.000000Z"}]}