Trying Firefox on my work laptop. You sure can customize this thing, eh?

@mdrockwell Containers are one of my favorite Firefox things.

@mcg I'm not familiar with it. Is it the add-on for keeping different types of browsing separate? That's what I find when I search. Or is it something else?

@mdrockwell Some container functionality is built in but this extension adds more. addons.mozilla.org/en-US/fir...

@mdrockwell Running JavaScript inside PDFs is a bad idea and Mozilla previously disabled it by default. But now with FireFox 88 this option is ENABLED by default. Which means, if a PDF file contains JS it will run without any user interaction. What can possibly go wrong?

To disable this: about:config pdfjs.enableScripting --> false

@duncanhart Curious, is there a reason why this would be more dangerous than JavaScript on web pages? Does it have access to more of your machine? Or is there something else that's a cause for concern?

@mdrockwell it’s the rendering of the JavaScript in the PDF that’s the problem. The PDF rendering engines are generally very permissive, not well sandboxed and have previously contained well known vulnerabilities (Adobe in particular).

@duncanhart cool. I'll disable it the first chance I get. ✌️

@duncanhart @mdrockwell FWIW Chrome has rendered JS in PDF’s for a while. Does it increase security risk, maybe. Is it that much different than running JS on a web page, not really. Is it a lot more secure than opening the PDF in Adobe, yes.