9 Comments

  1. @mdrockwell Running JavaScript inside PDFs is a bad idea and Mozilla previously disabled it by default. But now with Firefox 88 this option is ENABLED by default. Which means, if a PDF file contains JS, it will run without any user interaction. What can possibly go wrong?

    To disable this:
    about:config
    pdfjs.enableScripting -> false

  2. @mdrockwell It’s the rendering of the JavaScript in the PDF that’s the problem. The PDF rendering engines are generally very permissive, not well sandboxed and have previously contained well-known vulnerabilities (Adobe in particular).
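
An added example, not part of the comments above and not Firefox's own code: a Python audit that reports whether `pdfjs.enableScripting` is effectively on in each profile directory, reading the `prefs.js` and `user.js` files Firefox keeps there (`user.js` is applied over `prefs.js` at startup). It assumes the Firefox 88 default stated in the first comment (enabled when the pref is unset); the profile names and file contents in `demo()` are constructed samples.

```python
import re
import tempfile
from pathlib import Path

PREF = "pdfjs.enableScripting"
# Matches lines such as: user_pref("pdfjs.enableScripting", false);
# Commented-out lines (// user_pref...) do not match because of the ^ anchor.
PREF_LINE = re.compile(
    r'^\s*user_pref\(\s*"' + re.escape(PREF) + r'"\s*,\s*(true|false)\s*\)\s*;', re.M)

def pref_in_file(path):
    """Return True/False if the file sets the pref, None if absent or unreadable."""
    try:
        text = Path(path).read_text(encoding="utf-8", errors="replace")
    except OSError:
        return None
    matches = PREF_LINE.findall(text)
    return (matches[-1] == "true") if matches else None  # last assignment wins

def scripting_enabled(profile_dir, default=True):
    """Effective value for one profile: user.js, then prefs.js, then the default.

    default=True is an assumption taken from the comment about Firefox 88.
    """
    for name in ("user.js", "prefs.js"):
        value = pref_in_file(Path(profile_dir) / name)
        if value is not None:
            return value
    return default

def audit(profiles_root):
    """Map each profile directory under profiles_root to its effective value."""
    dirs = sorted(p for p in Path(profiles_root).iterdir() if p.is_dir())
    return {p.name: scripting_enabled(p) for p in dirs}

def demo():
    # Constructed sample profiles, not real Firefox data.
    off = 'user_pref("pdfjs.enableScripting", false);\n'
    on = 'user_pref("pdfjs.enableScripting", true);\n'
    samples = {
        "a.default": {},                                 # pref never changed
        "b.hardened": {"prefs.js": off},                 # set via about:config
        "c.override": {"prefs.js": off, "user.js": on},  # user.js re-enables it
    }
    with tempfile.TemporaryDirectory() as root:
        for name, files in samples.items():
            (Path(root) / name).mkdir()
            for fname, body in files.items():
                (Path(root) / name / fname).write_text(body, encoding="utf-8")
        return audit(root)
```

The `c.override` case is the one to watch for on managed machines: a `user.js` left in the profile silently reverts the `about:config` change on every start.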
