If you don’t need/like this idea you can mitigate it:
about:config, and accept the dire warning.
pdfjs.enableScripting and change to false.
what does document viewer 40.1 with those scripts?
download instead of viewing pdfs inside browsers…gnome default pdf viewer doesn’t support js yet
be aware, kde supports js.
if i have the Noscript add-on,am i protected?
edit:i disabled it anyway,thanks for the heads up.