[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: [tor-talk] pdf with tor



On Friday 07 August 2015 13:25:02 Cain Ungothep wrote:
> > Well, Mozilla announced a secadv for pdf.js recently, so there's that.
> > 
> > https://www.mozilla.org/en-US/security/advisories/mfsa2015-69/
> 
> Ugh, here comes another:
> 
> https://www.mozilla.org/en-US/security/advisories/mfsa2015-78/
> 
> This one seems specially nasty in the context of Tor. Notice the following 
sentence:
> > Mozilla has received reports that an exploit based on this vulnerability
> > *has been found in the wild*.
> 

As long as the Mozilla fix is not consumed by TBB you can prevent TBB from 
opening PDF document using pdf.js. Open about:config and toggle 
*pdfjs.disabled* to true. Now TBB asks for an external pdf viewer when it 
receives a pdf document. 
-- 
tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx
To unsubscribe or change other settings go to
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk