On Friday 07 August 2015 13:25:02 Cain Ungothep wrote: > > Well, Mozilla announced a secadv for pdf.js recently, so there's that. > > > > https://www.mozilla.org/en-US/security/advisories/mfsa2015-69/ > > Ugh, here comes another: > > https://www.mozilla.org/en-US/security/advisories/mfsa2015-78/ > > This one seems specially nasty in the context of Tor. Notice the following sentence: > > Mozilla has received reports that an exploit based on this vulnerability > > *has been found in the wild*. >
As long as the Mozilla fix is not consumed by TBB you can prevent TBB from opening PDF document using pdf.js. Open about:config and toggle *pdfjs.disabled* to true. Now TBB asks for an external pdf viewer when it receives a pdf document. -- tor-talk mailing list - tor-talk@lists.torproject.org To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk