You could also disable Firefox's built-in PDF viewer and instead use an external... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		Mediterraneo10 on Sept 22, 2020 \| parent \| context \| favorite \| on: Embedded PDF viewer in Firefox 81 supports filling... You could also disable Firefox's built-in PDF viewer and instead use an external PDF viewer that doesn't even support Javascript.

snovv_crash on Sept 22, 2020 | [–]

Native PDF clients have had lots of security holes. In this case having the client written in JS means we can repurpose the battle hardened JS sandbox to also contain PDF exploits.

nitrogen on Sept 22, 2020 | | [–]

Not all PDF vulnerabilities involve JS though.

detaro on Sept 22, 2020 | [–]

You misunderstand the argument the parent comment makes. It's not about Javscript in PDFs.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact