Javascript + Adobe; you got your exploit in my vulnerability ...

Subject: General Tech | February 21, 2013 - 12:27 PM |
Tagged: Adobe, firefox, pdf, javascript, fud

What could possibly go wrong by combining two of malwares most favourite security holes into one?  With FoxIt recently sprouting leaks and Adobe's continual duct taping of it's Reader, reading PDFs online is a great way to catch something nasty. Then again, there is always malformed Javascript commands and links which are another very popular way to give your PC a cybernetically transmitted disease.  The new Firefox combines the two in their latest version, 19.0, which is currently in beta testing and it uses an open sourced Javascript add on to open PDFs online, which will likely improve the responsiveness and loading time of PDF links.  The real question won't be answered until use of this new add on becomes commonplace and we find out if the two combine into some a gaping new hole into your PC or if somehow mismatched vulnerabilities will combine to create an actual secure way to read PDFs.  Then again, maybe it will not introduce anything new at all.  More at The Register or grab the latest Firefox and try it yourself.

RememberThatCommercial.jpg

"Mozilla's Firefox web browser now includes a built-in PDF viewer - allowing users to bin plugins from Adobe and other developers.

The move to run third-party PDF file readers out of town comes after security holes were discovered in closed-source add-ons from FoxIt and Adobe. The new built-in document viewer is open source, just like Firefox, and is written in JavaScript."

Here is some more Tech News from around the web:

Tech Talk

Source: The Register

That safe and secure Foxit plugin you use?

Subject: General Tech | January 14, 2013 - 02:00 PM |
Tagged: pdf, foxit, security, fud

The Register has some bad news about that PDF reader you prefer to Adobe's software, a new vulnerability which does not even stem from booby-trapped document but from a long link name.  It seems that you can cause a buffer overflow in Foxit simply by copying the entire URL into a fixed-sized buffer when the user clicks on a PDF which "pretty much lets you write to a memory location of your choice".  5.4.4.1128 and older version are vulnerable and we have yet to hear from the creators of Foxit.  Looks like no PDF reader is safe at this point.

foxit.JPG

"A new security bug in the popular Foxit PDF reader plugin for web browsers allows miscreants to compromise computers and install malware. There's no patch for this zero-day vulnerability.

Italian security researcher Andrea Micalizzi discovered that the latest version of the software crashes if users are tricked into clicking on an overly long web link. The plugin is kicked into action by the browser to handle the file and promptly bombs."

Here is some more Tech News from around the web:

Tech Talk

Source: The Register

Firefox PDF Reader Nearing Completion, Optional Extension Available Now

Subject: General Tech | October 29, 2011 - 05:56 AM |
Tagged: software, pdf, open source, mozilla, firefox, browser

One of the most useful features in Google’s Chrome web browser is the built in PDF reader. It is a feature that I use almost every day, and although I keep an install of Firefox’s Aurora browser as a backup I have yet to return to using Firefox as my main browser since first checking out Chrome.

I’ve been wanting an integrated PDF reader in Firefox for some time now, and if this story is correct, Mozilla may be one step closer to delivering just that. According to the article, Mozilla has been developing a PDF viewer built using HTML 5 and Javascript technologies. Currently the open source project is called PDF.js, and the development team is working on integrating it into Firefox.

For now though, the team has released PDF.js as a browser extension for the open source browser. In addition to the extension download, the source code is available on GitHub for anyone to view and edit.

PDFjs.png

PDF.js displaying a Dell service manual in PDF format.

As it is now, the PDF.js add-on rather basic, but is definitely off to a good start. You are able to navigate by sections or page thumbnails accessible by a mouse-over pop-up menu on the left of the window. Along the top are buttons for previous and next page, navigating to a specific page, zooming in and out, downloading, printing, and searching the PDF document.

During some informal testing using a 94 page Dell service manual in PDF form, scrolling was smooth enough until hitting a new page upon which there was a bit of lag. Navigating to specific pages was rather quick, however.

The PDF reader is off to a good start and I may have one more reason to switch back to Mozilla’s browser soon enough. What do you guys and gals think about built in PDF support, is it something you find useful during your daily browsing?  If you're interested in checking it out for yourself, the extension is available for download here.  Simply download this "pdf.js.xpi" file and install it (choose the Firefox or Aurora executable for installation if Windows does not assign the .xpi extension to Firefox automatically) using Firefox.  Now navigate to a PDF file on any webpage to have it automatically open using PDF.js.

Source: Geek.com