PSA: Firefox 88 enables embedded javascript by default in pdf documents

Be aware that the firefox devs have decided to enable javascript by default in the firefox native pdf viewer (been disabled previously).

If you don’t need/like this idea you can mitigate it:

  1. Open about:config, and accept the dire warning.

  2. Navigate to pdfjs.enableScripting and change to false.

H/T: Slashdot


what does document viewer 40.1 with those scripts?

It is not the viewer in question - by enabling JavaScript you are opening for a heap of privacy issues and possible malware injection by downloading arbitrary scripts and executing them in user context.

Bad bot.

1 Like

download instead of viewing pdfs inside browsers…gnome default pdf viewer doesn’t support js yet
be aware, kde supports js.

if i have the Noscript add-on,am i protected?
edit:i disabled it anyway,thanks for the heads up.