11 Jun
2015
11 Jun
'15
7:01 a.m.
Seth <list@sysfu.com> wrote:
Curious if the advice given above is still relevant and also what other on the list recommend for safe viewing of PDFs.
If your web browsing habits don't include NoScript, then you're likely no worse off using pdf.js to view PDFs than you are browsing arbitrary websites. After all, pdf.js has no more or less permissions than any other JS you might encounter in the wild; and since pdf.js is bundled with modern versions of Firefox, you might be inclined to think that it's likely non-malicious even if it's exploitable by rogue PDFs. But that's no worse than some JS malware you were fed via DNS poisoning or CDN hijacking. (This can be seen either as an implicit endorsement of pdf.js or of NoScript.) -=rsw