Git-Mirrors/firefox-user.js
1
0
Fork 0
mirror of https://github.com/arkenfox/user.js.git synced 2025-12-16 16:33:52 -05:00
Code Issues Projects Releases Packages Wiki Activity

update pdfjs CVEs info

Browse source
This commit is contained in:
Thorin-Oakenpants 2025-11-24 12:27:11 +00:00 committed by GitHub
parent c90135cf86
commit 4e94234f46
No known key found for this signature in database
GPG key ID: B5690EEEBB952194
1 changed files with 2 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

3
user.js
View file

@ -536,7 +536,8 @@ user_pref("network.IDN_show_punycode", true);
/* 2620: enforce PDFJS, disable PDFJS scripting /* 2620: enforce PDFJS, disable PDFJS scripting
* This setting controls if the option "Display in Firefox" is available in the setting below * This setting controls if the option "Display in Firefox" is available in the setting below
* and by effect controls whether PDFs are handled in-browser or externally ("Ask" or "Open With") * and by effect controls whether PDFs are handled in-browser or externally ("Ask" or "Open With")
* [WHY] pdfjs is lightweight, open source, and secure: the last exploit was June 2015 [1] * [WHY] pdfjs is lightweight, open source, and secure: In the last 10 years it has only had
* two known exploits, both in 2024: one 'Severe' and one 'Important' [1]
* It doesn't break "state separation" of browser content (by not sharing with OS, independent apps). * It doesn't break "state separation" of browser content (by not sharing with OS, independent apps).
* It maintains disk avoidance and application data isolation. It's convenient. You can still save to disk. * It maintains disk avoidance and application data isolation. It's convenient. You can still save to disk.
* [NOTE] JS can still force a pdf to open in-browser by bundling its own code * [NOTE] JS can still force a pdf to open in-browser by bundling its own code