Situatie
How to disable JavaScript in PDF documents in Firefox
The security and feature update for the organization’s Firefox web browser introduced a major change in the native PDF viewer of the browser. Up until now, JavaScript was ignored by Firefox when PDF documents were viewed in the browser. The execution displayed the JavaScript document in the browser but ignored any JavaScript code that it contained.
Mozilla enabled the execution of JavaScript in PDF documents in Firefox 88; this means that JavaScript code will be executed if it is present in a PDF file that is viewed in Firefox. There are legitimate reasons for supporting JavaScript in PDF documents, for instance to verify the input in form fields or to make changes to a document based on data when it is opened or when certain events happen.
Unfortunately, JavaScript in PDFs may also be used to execute malicious code. In other words: JavaScript is a security risk when it is executed in PDF documents. Most Firefox users may not need the feature, and it is a good idea to disable the execution of JavaScript in PDF documents in the browser to protect the system against JavaScript-based attacks.
Disable JavaScript execution in PDF documents
Firefox users may disable the execution of JavaScript by the browser’s native PDF viewer in the following way. Note that there is no option to turn it off in the main settings of the browser.
- Load about:config in the web browser’s address bar.
- Confirm that you will be careful to proceed.
- Use the search at the top to find pdfjs.enableScripting.
- Set the preference to FALSE with a click on the toggle button at the end of the line.
- A status of FALSE disables JavaScript execution in PDF files.
- A status of TRUE enables the execution of JavaScript in PDF documents (default)
Firefox will ignore JavaScript in PDF documents if the preference is set to FALSE.
Testing
You can test the effect by loading PDF documents that include scripting from a site like PDF Scripting. Just download the sample PDF documents and check them in the native PDF viewer of Firefox to see if the execution is blocked.
Leave A Comment?