Closed Bug 1906415 Opened 1 year ago Closed 1 year ago

【PDFJS】:XSS attack

Categories

(Firefox :: Untriaged, defect)

RESOLVED DUPLICATE of bug 1893645

People

(Reporter: l18889302449, Unassigned)

Details

(Keywords: reporter-external)

Attachments

(2 files)

Attached file domain.pdf

User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/126.0.0.0 Safari/537.36

Steps to reproduce:

Third-party library: pdfjs
version: 3.4.120

step:
Load the document using pdfjs and render it through the render method of PDFPage

Actual results:

The web page was attacked by XSS and malicious code was executed.

Expected results:

Escape or block corresponding XSS code

It appears on line 440 of font_loader.js

    return (this.compiledGlyphs[character] = function (c, size) {
      for (const current of cmds) {
        if (current.cmd === "scale") {
          current.args = [size, -size];
        }
        // eslint-disable-next-line prefer-spread
        c[current.cmd].apply(c, current.args);
      }
    });

Attached image 图像.png

This sounds like you're reporting CVE-2024-4367 (bug 1893645) back to us
https://github.com/mozilla/pdf.js/security/advisories/GHSA-wgrm-67xf-hhpq

If that's true then yes, version 3.4.120 of pdf.js would be affected. But that's not the version used in Firefox, where you filed this bug.

  • are you reporting a different bug?
  • are you reporting that a different product or site is affected by CVE-2024-4367? Where or which one?
Flags: needinfo?(l18889302449)

(In reply to Daniel Veditz [:dveditz] from comment #3)

> This sounds like you're reporting CVE-2024-4367 (bug 1893645) back to us
> https://github.com/mozilla/pdf.js/security/advisories/GHSA-wgrm-67xf-hhpq
>
> If that's true then yes, version 3.4.120 of pdf.js would be affected. But that's not the version used in Firefox, where you filed this bug.
>
>   • are you reporting a different bug?
>   • are you reporting that a different product or site is affected by CVE-2024-4367? Where or which one?

Well, they are the same problem. Thanks for your solution.

Flags: needinfo?(l18889302449)
Status: UNCONFIRMED → RESOLVED
Closed: 1 year ago
Duplicate of bug: CVE-2024-4367
Resolution: --- → DUPLICATE
Group: firefox-core-security