'Better than Adobe' Foxit PDF plugin hit by worse-than-Adobe 0-day

A new security bug in the popular Foxit PDF reader plugin for web browsers allows miscreants to compromise computers and install malware. There’s no patch for this zero-day vulnerability.

Italian security researcher Andrea Micalizzi discovered that the latest version of the software crashes if users are tricked into clicking on an overly long web link. The plugin is kicked into action by the browser to handle the file and promptly bombs.

But the bug is not triggered by a booby-trapped document, which is the usual way of infecting systems running insecure PDF readers. Instead, clicking on a link to any PDF that deliberately includes a very long query string after the filename causes a buffer overflow in the Foxit plugin.

Read more: 'Better than Adobe' Foxit PDF plugin hit by worse-than-Adobe 0-day • The Register

Thanks seany :-TU
hmm I use foxit…
have it set to open only in sandbox tho :wink:

You are welcome! Good man! Can’t see any issues with it :slight_smile:

I use Foxit too, but I never open PDF documents in the browser.

good practice
thanks for the tip :wink:

To be honest, with larger PDF documents, it’s often slower to render them in the browser than it is to download them.

I use PDF-XChange in the same way as you use Foxit, the less plugins the better IMO. :slight_smile:

+1

PDF-XChange isn’t as light on resources as Foxit or Sumatra, but in my opinion the document rendering looks much better.

I also don’t use the plugin.

hmm will take a look
gonna lose foxit for sure either way

Foxit Patches Vulnerability, Updates Reader Product