CodeanWe found a vulnerability in Mozilla’s PDF.js (CVE-2024-4367 and CVE-2024-34342 via react-pdf) resulting in arbitrary JavaScript execution when opening a malicious PDF. This results in XSS on many web- and even desktop apps. Blog post coming soon!
https://www.linkedin.com/feed/update/urn:li:share:7193937316061609984
https://www.linkedin.com/feed/update/urn:li:share:7193937316061609984
