Posted Jan 8, 2007 23:43 UTC (Mon) by roelofs
Parent article: A Firefox PDF plugin XSS vulnerability
Other server-side solutions are being discussed as there is a concern that users are unlikely to upgrade their browser plugins.
Another one I saw (beyond the linked token_query suggestion) is to have the server mark PDFs as attachments, which forces them to be downloaded. It's not as convenient for users, but it completely bypasses the broken plugin.
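The attachment approach mentioned in the comment above, as an added example that is not part of the original comment or of any project's code: a WSGI middleware that adds `Content-Disposition: attachment` to every response served as `application/pdf`. The class and helper names are hypothetical, the sample requests are constructed, and it assumes the server labels PDFs with the correct `Content-Type`.

```python
# Added example: WSGI middleware that marks every PDF response as an attachment.
import posixpath
import re


def _safe_filename(path):
    """Derive a conservative download name from the request path."""
    name = posixpath.basename(path) or "document.pdf"
    # Keep only characters that cannot break out of the quoted header value.
    return re.sub(r"[^A-Za-z0-9._-]", "_", name)


class ForcePdfDownload:
    """Hypothetical middleware name; wraps any WSGI application."""

    def __init__(self, app):
        self.app = app

    def __call__(self, environ, start_response):
        def patched_start(status, headers, exc_info=None):
            ctype = next((v for k, v in headers if k.lower() == "content-type"), "")
            # Compare the media type only: ignore parameters and letter case.
            if ctype.split(";")[0].strip().lower() == "application/pdf":
                # Drop any existing disposition (e.g. "inline") before adding ours.
                headers = [(k, v) for k, v in headers
                           if k.lower() != "content-disposition"]
                name = _safe_filename(environ.get("PATH_INFO", ""))
                headers.append(("Content-Disposition",
                                'attachment; filename="%s"' % name))
            return start_response(status, headers, exc_info)
        return self.app(environ, patched_start)


def demo_headers(path, content_type, extra=()):
    """Run a constructed request through the middleware; return response headers."""
    def inner_app(environ, start_response):
        start_response("200 OK", [("Content-Type", content_type), *extra])
        return [b"%PDF-1.4 constructed sample body"]
    captured = {}
    def start_response(status, headers, exc_info=None):
        captured["headers"] = dict(headers)
    list(ForcePdfDownload(inner_app)({"PATH_INFO": path}, start_response))
    return captured["headers"]


if __name__ == "__main__":
    print(demo_headers("/docs/report.pdf", "application/pdf"))
    print(demo_headers("/index.html", "text/html"))
```

Because the check keys on the response's media type rather than the URL, a PDF served under a different `Content-Type` is not covered and needs its own rule.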