Feature #7887

View online PDF inside the web browser by default

Added by emmapeel 2014-09-10 00:45:02 . Updated 2014-10-31 17:43:09 .

Status:
Resolved
Priority:
Normal
Assignee:
Category:
Target version:
Start date:
2014-09-10
Due date:
% Done:

0%

Feature Branch:
Type of work:
Discuss
Blueprint:

Starter:
0
Affected tool:
Browser
Deliverable for:

Description

Reported by a user

If we avoid using Evince we can significantly decrease the attack vectors through PDFs.

A PDF opened in Iceweasel must (1) break through pdf.js to execute arbitrary JavaScript, but then (2) break Iceweasel itself to root your computer.

A PDF opened in Evince would have a much easier time breaking through. Evince and libpoppler are subject to significantly less attacks than Iceweasel, so Iceweasel is hardened and security conscious.


Subtasks


Related issues

Related to Tails - Feature #7542: Decide whether we migrate to the Tor browser in time for FF31 Resolved 2014-07-10

History

#1 Updated by intrigeri 2014-09-22 12:10:16

I agree this would be good, and overall improve UX. Note that it’s what the Tor Browser does, and possibly we’ll get it for free when we migrate to use their stuff.

#2 Updated by intrigeri 2014-09-22 12:10:54

  • Subject changed from Use Iceweasel as the default PDF reader to View online PDF inside the web browser by default
  • Starter changed from Yes to No

#3 Updated by intrigeri 2014-09-22 12:11:13

  • related to Feature #7542: Decide whether we migrate to the Tor browser in time for FF31 added

#4 Updated by intrigeri 2014-10-31 17:43:09

  • Status changed from Confirmed to Resolved

It’s now done this way in Tails 1.2.