Announcement

Collapse
No announcement yet.

Firefox 88 Released With FTP Support Disabled, Support For JavaScript In PDFs

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • #31
    If Blockbuster had only figured out how to distribute movies in PDF format, maybe they would still be around.

    I think the complaint here is about scope. There is value in a simple immutable preview=print document format and unless a better (ubiquitous) standard comes along for that, then this feature creep cuts directly into that value.

    Comment


    • #32
      Originally posted by atomsymbol
      Are you aware that you (and everybody else) are running - on your machine locally - hundreds of thousands of lines of Javascript code in a sandbox VM every day when using the Internet? Javascript in PDF is also running in a sandbox VM.
      You trust the sandbox doesn't have flaws? C'mon.

      I run my web browser in a FreeBSD Jail because they are known to have security issues. Heck, just look at the amount of work the OpenBSD project has put in to adding pledge(2) and unveil(2) into Chromium and Firefox.

      I tend to not run my PDFs in a Jail because they are less likely to have security flaws (they still do have some, injecting shellcode into PDF has been done in the past). Unless I can turn off Javascript, I will likely now run the PDF viewer in a jail because it opens up a whole (pointless) can of mess.

      Microsoft Office MACROS run in a VB6 VM. That VM did little to provide a whole species of virus.
      Last edited by kpedersen; 19 April 2021, 05:53 PM.

      Comment


      • #33
        Originally posted by kpedersen View Post
        • I still use FTP a fair amount to get .iso images. HTTPS encryption seems very wastful for this.
        sudo apt-get install aria2; aria2c https://www.whatever.com/path/to/distro-iso.torrent

        You'll get hash verification and automatic retry/resume if a chunk fails hash checks or a connection breaks.

        (aria2c is like wget but with BitTorrent and Metalink support,multi-connection download accelerator support for HTTP/HTTPS, and it supports web seeding so, if the torrent lists the HTTP or HTTPS URLs as web seeds, then you get whatever download speed they give you plus whatever you can get from the torrent swarm.)

        Of course, let it download the .torrent file over HTTPS so it can catch attempts to MITM the definition of which hashes are correct.

        Comment


        • #34
          Originally posted by acobar View Post
          I would prefer to drop Firefox usage, if I could.
          Firefox is just following a change Google made a while ago to Chrome and anything which just repackages Chromium's protocol support... which is something like 90% of users now. FTP was already dead.

          I think I remember Google's rationale being that even Passive FTP is too much of a mess to bend over backward to support in a world with things like Carrier Grade NAT for IPv4... something I agree with as someone who's set up BSD-based firewalls in the past.

          I think we should just stop holding back WebDAV server support to things like Apache when there's a WebDAV client in every major file manager and, to anything short of an MITMing proxy, TLS-protected WebDAV is indistinguishable from ordinary HTTPS because it's just HTTP with some new methods (new friends for GET, PUT, POST, etc.) for things like getting directory listings, file attributes, and revision histories, and clearly defined rules for how to achieve which modification using which verbs.

          Do WebDAV clients support HTTP/2 yet? I remember hearing that has opportunistic encryption so you can use an HTTP URL and have the server upgrade to an encrypted but not authenticated connection without needing a CA cert to help make NSA-style large-scale passive surveillance unfeasible.
          Last edited by ssokolow; 19 April 2021, 06:19 PM.

          Comment


          • #35
            Originally posted by kpedersen View Post

            You trust the sandbox doesn't have flaws? C'mon.

            I run my web browser in a FreeBSD Jail because they are known to have security issues. Heck, just look at the amount of work the OpenBSD project has put in to adding pledge(2) and unveil(2) into Chromium and Firefox.

            I tend to not run my PDFs in a Jail because they are less likely to have security flaws (they still do have some, injecting shellcode into PDF has been done in the past). Unless I can turn off Javascript, I will likely now run the PDF viewer in a jail because it opens up a whole (pointless) can of mess.

            Microsoft Office MACROS run in a VB6 VM. That VM did little to provide a whole species of virus.
            Technically, you should have been doing that all along, because Postscript is a Turing-complete language and there have been privilege escalation vulnerabilities in the Ghostscript, Poppler, xpdf, etc. sandboxes before.

            Comment


            • #36
              FTP is, in some respect, like Gopher, Telnet, or Gemini: so much better on the CLI!

              Comment


              • #37
                Originally posted by atomsymbol
                Are you aware that you (and everybody else) are running - on your machine locally - hundreds of thousands of lines of Javascript code in a sandbox VM every day when using the Internet? Javascript in PDF is also running in a sandbox VM.

                If a scientist publishes an article then Javascript in PDF will enable you - a 21st century reader - to play with various scenarios enabling you to grasp the content of the article more quickly and more profoundly. You can of course freely choose to remain a 20th century reader by disabling Javascript in all PDFs. Of course, it might take several decades for scientific articles to begin making a good use of interactivity in PDFs.
                I'm not particularly concerned about pdfs running js in my browser, because that app is hardened and tested to make sure its security works.

                I think putting a js engine in every random pdf viewer out there is a recipe for failure, because pdfs are already very complicated, are frequently used as attack vectors, and I don't believe that most pdf app developers are particularly well versed in writing secure javascript execution environments. That cats been out of the bag for a while already, though.

                Comment


                • #38
                  Originally posted by cynic View Post

                  yes, computer can do much more than physical paper, but the purpose of PDF is just being a document.
                  Let it be a document, a plain and dumb document, please.

                  There are other means to make interactive contents.
                  You can also support things like forms in PDFs without supporting JS afaik..

                  Comment


                  • #39
                    Originally posted by uid313 View Post
                    The JavaScript thing doesn't really make it any less secure since the browser already executes JavaScript on webpages. The thing that renders the PDF is the JavaScript library pdf.js, so it is all JavaScript anyways.
                    The main problem with pdf.js is its speed. It's ok for simple documents, but it becomes unbearably slow if you try to open some complex CAD documents, complex maps, etc.

                    Comment


                    • #40
                      Uh, you guys do realize this pdf viewer is part of the BROWSER, right? It's already running JS in a secure environment, and browser security has always been a million times better than any other software security model.

                      Edit: and FTP died a deserved death a long time ago. It was never a good protocol.
                      Last edited by cynical; 19 April 2021, 08:20 PM.

                      Comment

                      Working...
                      X