PDFJS

Itadakimasu

Post by Itadakimasu »

Hi,

Now that Firefox makes it tough to use Adobe Reader as a plugin (I tried various things in about:config with no success), what do you advise ? I'll break down the question in 3 so it's easier to reply.

1/ I previously had "Adobe Javascript" disabled in Reader, but now I need to whitelist the actual site where the PDF is stored to read it. Is it acceptable if we assume the PDF is the only file loaded while the site is whitelisted ? Note that pdf.js itself is not whitelisted. I would like to know what's occurring and what JS actually gets executed for this PDF to suddenly become displayable upon site whitelisting.

2/ Secondly, often there will be the need to allow Font@resource://pdf.js because many characters are not visible without it. Is it any more secure allowing this for PDFJS than it is to allow fonts for any website ? Because allowing fonts on random sites is not very safe.

3/ Finally and as a sum up, what is the safest way to open a PDF in Firefox today ? Adobe Reader with JavaScript disabled seemed pretty fine to me, but if PDFJS is better, I would like to know which NoScript configuration makes it safer. If Reader without javascript IS better and you know how to make Firefox use it like it used to, I'm curious about how.



Thanks !
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:21.0) Gecko/20100101 Firefox/21.0
therube
Ambassador
Posts: 7991
Joined: Thu Mar 19, 2009 4:17 pm
Location: Maryland USA

Re: PDFJS

Post by therube »

A quick look tells me that PDFJS is awful.

To use Adobe Reader plugin:

> about:config, pdfjs.disabled, set to 'true'
> Options | Applications -> Adobe Acrobat Document, set to Use Adobe Acrobat (in Firefox)

1. "Adobe Javascript"

(I don't exactly understand, but) by default Adobe allows its documents to "execute" JavaScript. Makes sense to disable that ability in Adobe.

Have no idea, but would assume (?) that that is already figured into the equation in PDFJS. Thinking that PDFJS cannot run JavaScript within the context of the PDF ?

> PDF is the only file loaded while the site is whitelisted

I don't see the need to whitelist the site at all.

3. Safest.

Safest is to not open a PDF in your browser at all. So don't use the Adobe plugin & don't use PDFJS. Save/open it outside of the browser in your PDF reader program.

Is Adobe plugin safer than PDFJS? Haven't a clue though would think a search should turn up some responses on the matter.
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.19) Gecko/20110420 SeaMonkey/2.0.14 Pinball NoScript FlashGot AdblockPlus
Mozilla/5.0 (Windows NT 5.1; rv:22.0) Gecko/20100101 SeaMonkey/2.19a2
Thrawn
Master Bug Buster
Posts: 3106
Joined: Mon Jan 16, 2012 3:46 am
Location: Australia

Re: PDFJS

Post by Thrawn »

> therube wrote: A quick look tells me that PDFJS is awful.

If you mean the level of PDF support and faithful rendering, it's certainly not as good as Adobe etc. Usually readable, though.

> Have no idea, but would assume (?) that that is already figured into the equation in PDFJS. Thinking that PDFJS cannot run JavaScript within the context of the PDF ?

I doubt that PDF.js makes any attempt to run in-document JavaScript. It's meant to be tiny and relatively safe, so interpreting JavaScript seems contrary to its goals. I haven't asked Google, though.

> Safest is to not open a PDF in your browser at all. So don't use the Adobe plugin & don't use PDFJS. Save/open it outside of the browser in your PDF reader program.

How, exactly, is that safer? If there is malicious code in the PDF, then I don't see how hacking Adobe Reader standalone is any safer than hacking the Adobe Reader Firefox plugin. And if you're talking about using a different reader instead of Adobe - well, PDF.js qualifies, right?

> Is Adobe plugin safer than PDFJS? Haven't a clue though would think a search should turn up some responses on the matter.

The idea of PDF.js is that JavaScript is a relatively safe language (not generally subject to buffer overruns, etc), so it is likely to be safer than a plugin written in C. We consider JavaScript in web pages to be a threat, simply because it is active content, but I'd much rather allow web pages to run JavaScript than allow them to run arbitrary C code...
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.22 (KHTML, like Gecko) Ubuntu Chromium/25.0.1364.160 Chrome/25.0.1364.160 Safari/537.22
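
In-document JavaScript comes up repeatedly in the posts above. As an added example (not code from any poster, NoScript or PDF.js), this Node.js sketch counts the PDF name tokens that mark active content in a saved file before it is opened in any reader; the name list and the sample fragments are assumptions constructed here.

```javascript
// Added example (not from the thread): flag PDF name tokens that indicate
// active content. Only names visible in the raw bytes are seen; names inside
// compressed object streams are not, so a clean result is not proof of safety.

// Assumed watch list: script actions, auto-run triggers, launch, attachments.
const ACTIVE_NAMES = ['JS', 'JavaScript', 'OpenAction', 'AA', 'Launch', 'EmbeddedFile'];

// PDF names may hex-escape any character as #xx ("/J#61vaScript" is
// "/JavaScript"), so decode escapes before comparing.
function decodeName(raw) {
  return raw.replace(/#([0-9A-Fa-f]{2})/g, (_, hex) =>
    String.fromCharCode(parseInt(hex, 16)));
}

// Returns { counts: {name: n}, obfuscated: [raw names that used #xx escapes] }.
function scanPdf(bytes) {
  const text = Buffer.from(bytes).toString('latin1'); // one byte per character
  const counts = {};
  const obfuscated = [];
  // A name is "/" followed by regular characters (no whitespace or delimiters).
  const nameToken = /\/([^\s()<>\[\]{}\/%]+)/g;
  let m;
  while ((m = nameToken.exec(text)) !== null) {
    const decoded = decodeName(m[1]);
    if (!ACTIVE_NAMES.includes(decoded)) continue;
    counts[decoded] = (counts[decoded] || 0) + 1;
    if (decoded !== m[1]) obfuscated.push(m[1]); // escaped spelling is itself a signal
  }
  return { counts, obfuscated };
}

function hasActiveContent(bytes) {
  return Object.keys(scanPdf(bytes).counts).length > 0;
}

// Constructed sample inputs (fragments of PDF object syntax, not real files).
const SAMPLE_PLAIN = '%PDF-1.4\n1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n';
const SAMPLE_SCRIPTED =
  '%PDF-1.4\n1 0 obj\n<< /Type /Catalog /OpenAction 3 0 R >>\nendobj\n' +
  '3 0 obj\n<< /S /J#61vaScript /JS (app.alert\\(1\\)) >>\nendobj\n';

console.log(scanPdf(SAMPLE_PLAIN));
console.log(scanPdf(SAMPLE_SCRIPTED));
```

For a real file, pass `require('fs').readFileSync(path)` to `scanPdf`; a hit means the document asks for active content, which a reader may or may not honour.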
Itadakimasu

Re: PDFJS

Post by Itadakimasu »

> To use Adobe Reader plugin:
>
> > about:config, pdfjs.disabled, set to 'true'
> > Options | Applications -> Adobe Acrobat Document, set to Use Adobe Acrobat (in Firefox)

Yes I've tried that, but unfortunately I don't have the option "Use Adobe Acrobat (in Firefox)" even after restarting Fx.


So basically it seems PDFJS is fine to use over Reader, even if pdf.js fonts are allowed ?
Isn't there a higher risk to have the malicious code spread over the Firefox session though ? With Adobe Reader and in-PDF JavaScript disabled, if Reader is compromised and assuming the sandbox isn't broken, Firefox won't get affected because it's not the same process.
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:21.0) Gecko/20100101 Firefox/21.0
Thrawn
Master Bug Buster
Posts: 3106
Joined: Mon Jan 16, 2012 3:46 am
Location: Australia

Re: PDFJS

Post by Thrawn »

> Itadakimasu wrote: Yes I've tried that, but unfortunately I don't have the option "Use Adobe Acrobat (in Firefox)" even after restarting Firefox.

Well, is Adobe properly installed?

> With Adobe Reader and in-PDF JavaScript disabled, if Reader is compromised and assuming the sandbox isn't broken, Firefox won't get affected because it's not the same process.

Errr...if the Adobe plugin is compromised, then the attacker has full access to your file system, and you're sunk. The sandbox is internal to the plugin, so compromising the plugin implies breaking out of the sandbox. You may as well rely on the JavaScript sandbox.
Mozilla/5.0 (Linux; U; Android 2.2.1; en-gb; GT-S5570 Build/FROYO) AppleWebKit/533.1 (KHTML, like Gecko) Version/4.0 Mobile Safari/533.1
Itadakimasu

Re: PDFJS

Post by Itadakimasu »

Okay, thanks for your replies :)
I guess I'll keep temp whitelisting websites when I need to read a PDF. Sometimes whitelisting pdf.js itself and Font@Resource://pdf.js as well.

And yup, Reader is installed properly. It works with versions of Firefox that don't have PDFJS.
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:21.0) Gecko/20100101 Firefox/21.0