This thread was archived. Əgər kömək lazımdırsa lütfən yeni sual verin.
Does Firefox PDF Viewer Have Some Kind of Security Sandbox?
I went searching on Google the other day for free e-books, but I stupidly forgot to turn on NoScript. I clicked on what was, in retrospect, a very questionable Google link for a PDF file.
Just to be safe, I did a full-system scan and boot-time scan with Avast, as well as a full-system scan with Comodo, but nothing malicious turned up. However, I know that these anti-malware programs are not foolproof, and malware is becoming ever more able to evade them. That said, I have not found any specific evidence that would suggest my computer is infected with malware.
So my question is, does Firefox or Firefox PDF Viewer sandbox PDF files in anyway, so that a PDF opened in the Firefox browser could be contained and/or prevented from executing any malicious scripts? I tried to look this up, but I cannot quite understand many things I have read because they are written in very technical language that I am not familiar with.
Thank you very much for any help you can provide; it is greatly appreciated!
All Replies (2)
Hi FlyerFlox, I would not depend on a browser to provide advanced functions regarding PDFs.
Instead, I would download the file, scan it with anti-virus, then open it with Adobe Reader.
Hi FlyerFlox, Firefox has some amount of sandboxing, meaning, it can run web content in a less privileged context that provides less access to the system. However, this appears to require that your Firefox is running in multiprocess mode (also known as e10s), which can be blocked by some legacy add-ons. Therefore, I don't know whether your Firefox was sandboxing content at the time you opened the PDF.
The code used to convert PDFs to HTML -- generally known as the "pdf.js" library -- has suffered from one or more disclosed and patched security flaws. Likely, since code is made by humans, other vulnerabilities will be discovered in the future.
That said, I don't know whether anyone has discovered exploits in the wild for pdf.js recently and whether you would have happened across one randomly (as opposed to getting an attachment via phishing attack message).