Already fixed in the latest insider build, 1.6.1
Duplicate of: CVE-2024-4367 – Arbitrary JavaScript execution in PDF.js