Feature #7887
View online PDF inside the web browser by default
Start date:
2014-09-10
Due date:
% Done:
0%
Description
Reported by a user
If we avoid using Evince we can significantly decrease the attack vectors through PDFs.
A PDF opened in Iceweasel must (1) break through pdf.js to execute arbitrary JavaScript, but then (2) break Iceweasel itself to root your computer.
A PDF opened in Evince would have a much easier time breaking through. Evince and libpoppler are subject to significantly less attacks than Iceweasel, so Iceweasel is hardened and security conscious.
Subtasks
Related issues
Related to Tails - |
Resolved | 2014-07-10 |
History
#1 Updated by intrigeri 2014-09-22 12:10:16
I agree this would be good, and overall improve UX. Note that it’s what the Tor Browser does, and possibly we’ll get it for free when we migrate to use their stuff.
#2 Updated by intrigeri 2014-09-22 12:10:54
- Subject changed from Use Iceweasel as the default PDF reader to View online PDF inside the web browser by default
- Starter changed from Yes to No
#3 Updated by intrigeri 2014-09-22 12:11:13
- related to
Feature #7542: Decide whether we migrate to the Tor browser in time for FF31 added
#4 Updated by intrigeri 2014-10-31 17:43:09
- Status changed from Confirmed to Resolved
It’s now done this way in Tails 1.2.