Avatar for Username

Tìm kiếm hỗ trợ

Tránh các lừa đảo về hỗ trợ. Chúng tôi sẽ không bao giờ yêu cầu bạn gọi hoặc nhắn tin đến số điện thoại hoặc chia sẻ thông tin cá nhân. Vui lòng báo cáo hoạt động đáng ngờ bằng cách sử dụng tùy chọn "Báo cáo lạm dụng".

Learn More

Chủ đề này đã được lưu trữ. Vui lòng hỏi một câu hỏi mới nếu bạn cần giúp đỡ.

Does Firefox PDF Viewer Have Some Kind of Security Sandbox?

FlyerFlox
FlyerFlox
more options

I went searching on Google the other day for free e-books, but I stupidly forgot to turn on NoScript. I clicked on what was, in retrospect, a very questionable Google link for a PDF file.

Just to be safe, I did a full-system scan and boot-time scan with Avast, as well as a full-system scan with Comodo, but nothing malicious turned up. However, I know that these anti-malware programs are not foolproof, and malware is becoming ever more able to evade them. That said, I have not found any specific evidence that would suggest my computer is infected with malware.

So my question is, does Firefox or Firefox PDF Viewer sandbox PDF files in anyway, so that a PDF opened in the Firefox browser could be contained and/or prevented from executing any malicious scripts? I tried to look this up, but I cannot quite understand many things I have read because they are written in very technical language that I am not familiar with.

Thank you very much for any help you can provide; it is greatly appreciated!

I went searching on Google the other day for free e-books, but I stupidly forgot to turn on NoScript. I clicked on what was, in retrospect, a very questionable Google link for a PDF file. Just to be safe, I did a full-system scan and boot-time scan with Avast, as well as a full-system scan with Comodo, but nothing malicious turned up. However, I know that these anti-malware programs are not foolproof, and malware is becoming ever more able to evade them. That said, I have not found any specific evidence that would suggest my computer is infected with malware. So my question is, does Firefox or Firefox PDF Viewer sandbox PDF files in anyway, so that a PDF opened in the Firefox browser could be contained and/or prevented from executing any malicious scripts? I tried to look this up, but I cannot quite understand many things I have read because they are written in very technical language that I am not familiar with. Thank you very much for any help you can provide; it is greatly appreciated!

Tất cả các câu trả lời (2)

jpants
jpants
more options

Hi FlyerFlox, I would not depend on a browser to provide advanced functions regarding PDFs.

Instead, I would download the file, scan it with anti-virus, then open it with Adobe Reader.

Before opening it in Reader, go to: Preferences >> JavaScript >> Enable Acrobat JavaScript = Off.

When done with the PDF file, turn JavaScript back on.

jscher2000 - Support Volunteer
jscher2000 - Support Volunteer
  • Top 10 Contributor
more options

Hi FlyerFlox, Firefox has some amount of sandboxing, meaning, it can run web content in a less privileged context that provides less access to the system. However, this appears to require that your Firefox is running in multiprocess mode (also known as e10s), which can be blocked by some legacy add-ons. Therefore, I don't know whether your Firefox was sandboxing content at the time you opened the PDF.

The code used to convert PDFs to HTML -- generally known as the "pdf.js" library -- has suffered from one or more disclosed and patched security flaws. Likely, since code is made by humans, other vulnerabilities will be discovered in the future.

That said, I don't know whether anyone has discovered exploits in the wild for pdf.js recently and whether you would have happened across one randomly (as opposed to getting an attachment via phishing attack message).

Regarding scripts, I don't know pdf.js can run the scripts that some PDF authors embed in their PDFs. It might still be a missing or incomplete feature. It's hard to search about that because pdf.js is written in JavaScript...