A Firefox PDF plugin XSS vulnerability
A Firefox PDF plugin XSS vulnerability
Posted Jan 4, 2007 17:22 UTC (Thu) by pr1268 (guest, #24648)Parent article: A Firefox PDF plugin XSS vulnerability
Just out of curiosity, is there any motivation for GNU/Linux users to even use Adobe's PDF reader/plugin? I'm quite happy with my choice of KPDF, XPDF, and GPDF. I choose to view PDF files downloaded from the Internet in the separate viewer application, and I configure Firefox's MIME handler to open the appropriate application.
Is there something I'm missing by avoiding Adobe's PDF viewer?
Posted Jan 4, 2007 18:51 UTC (Thu)
by kamil (guest, #3802)
[Link]
Also, it's been my experience that acroread is in general more reliable in displaying PDF documents properly: no weird formatting problems and such. But I haven't tried recent versions of k/x/gpdf, so they could very well be better in this regard these days.
Having said that, I never enable the Adobe PDF browser plugin. It always seemed counterintuitive to me to have PDF documents displayed in a web browser. Last I checked, it also caused problems when switching the PDF viewer to fullscreen and back.
Posted Jan 4, 2007 19:00 UTC (Thu)
by jwb (guest, #15467)
[Link] (5 responses)
That said, I never use the browser plugin.
Posted Jan 5, 2007 8:35 UTC (Fri)
by Los__D (guest, #15263)
[Link] (4 responses)
This includes quite a bit of datasheets from Atmel, Micrel, Microchip (damn I hate PICs), Epson, TI, National, and way too many from suppliers that still think that photographs put into PDF's are perfectly acceptable.
Posted Jan 5, 2007 18:15 UTC (Fri)
by jwb (guest, #15467)
[Link] (3 responses)
http://tastic.brillig.org/~jwb/evince-vs-adobe.png
Posted Jan 6, 2007 5:51 UTC (Sat)
by Los__D (guest, #15263)
[Link]
But about lineart; I did a few comparisons myself a couple of months back, on an e-ticket, there was a little logo, which at 100% looked a bit nicer in acroread, but when you zoomed in, it actually looked nicer in Evince than in acroread... Maybe they just have differing rendering settings at different zoom levels, or something.
Dennis
Posted Jan 8, 2007 23:35 UTC (Mon)
by roelofs (guest, #2599)
[Link]
Very nice, thanks. That matches my own gut impressions: Adobe uses some very nice scaling and interpolation algorithms in its PDF viewers, not only on fonts but also on vector lines (as here) and on embedded bitmaps like scanned US patents. And they're reasonably fast at it, too. I can't tell if it's full multitap resampling, but...nice (to quote Borat).
I have no doubts free software will catch up before very long, though I am a little surprised we're not there already. (Different priorities, I guess. :-) )
Greg
Posted Jan 11, 2007 17:29 UTC (Thu)
by endecotp (guest, #36428)
[Link]
The anti-aliasing issue should be fixable - plenty of OSS graphics libraries can already do this. Getting the font rendering right is also possible - for example FreeType2 can do hinting - but it is patent-encumbered.
Posted Jan 5, 2007 12:14 UTC (Fri)
by wookey (guest, #5501)
[Link]
I posit that most users would find the free PDF viewers entirely adequate these days, and certainly if Adobe's has this serious flaw then stopping using it is the obvious thing to do. Hopefully some people who haven't used the free viewers for years will try them again as a result of this and be pleasantly surprised at how well they work now.
Posted Jan 5, 2007 14:03 UTC (Fri)
by jschrod (subscriber, #1646)
[Link] (1 responses)
I have documents that I can only print in acroread; [xk]pdf just happen to do nothing, without any error message.
For some documents, acroread is much faster when one changes pages. One pays with the very long startup time, though.
Selecting texts (copy & paste) works better (that means: UI is more intuitive, action is more often successful) in acroread.
OTOH, I use xpdf a lot more than acroread due to its fast startup time. I use it also more often than kpdf since its desktop real estate need is smaller. I would never use any of these tools as browser plugin, though -- I want to have such documents in their own top-level windows.
Joachim
Posted Jan 10, 2007 3:02 UTC (Wed)
by droundy (subscriber, #4559)
[Link]
Posted Jan 5, 2007 16:01 UTC (Fri)
by k8to (guest, #15413)
[Link]
The plugin has become a clunkier, crashier acroread that takes out your browser with it.
Some PDF documents allow you to fill in some information before printing them out. Many application forms in PDF act that way. Can you fill in PDF documents using k/x/gpdf? You can with acroread.A Firefox PDF plugin XSS vulnerability
The quality of the rendering in Adobe Reader is far higher than any of the free clones. I spend a good chunk of my time reading data sheets for electronic components and they are pretty well unreadable in Evince/XPDF/KPDF. In Adobe Reader they look tremendous.A Firefox PDF plugin XSS vulnerability
Strange, I use quite a bit of electronic datasheets, and all of them them has looked perfect in Evince so far. (And yes, I have done comparisons to be sure, as I also have had less than acceptable results in the past).A Firefox PDF plugin XSS vulnerability
Well, here's a comparison of Evince 0.6.1 versus Adobe Reader 7. I think you can see the difference in the quality of the line art.A Firefox PDF plugin XSS vulnerability
http://tastic.brillig.org/~jwb/evince-vs-adobe2.png
I'm afraid that I'll have to wait until the 9th to check them out, I'm in Beijing right now, visiting my wife's parents, and since an earthquake took out the Chinese main Internet line, I'm browsing pages at around 2kB/s (On &*^$%@$#*&* IE/Windows)... After 5 minutes, I could more or less only see the top bar, and a little of the windowbar on one of the pictures, still nothing on the other...A Firefox PDF plugin XSS vulnerability
Well, here's a comparison of Evince 0.6.1 versus Adobe Reader 7. I think you can see the difference in the quality of the line art.
A Firefox PDF plugin XSS vulnerability
In your examples, the line art is anti-aliased in Acroread but not in Evince, and I think that the fonts are hinted in Acroread but not in Evince. These examples are consistent with what I've seen: you need to zoom in one or two more steps with xpdf to see the same amount of detail that you'd see in the Adobe product.A Firefox PDF plugin XSS vulnerability
I have not used acroread since about 2002 and in the last year or so I have found that just about all PDFs finally render fine under either evince or xpdf (it used to be necessary to try 2 or 3 free viewers and still some docs gave problems). But there are still things that acrobat does better than the free browsers (I have found two bugs in fairly obscure area grouping opacity (or something like that) and clipping in the last two weeks due to some intensive use of therion, which aparently do not occur in acrobat). And there is the form-filling thing, which I have never missed, but some people might.A Firefox PDF plugin XSS vulnerability
Acroread has the ability to add comments, e.g., during review cycles. (One needs to have Acrobat for creation of such PDF documents, though.)A Firefox PDF plugin XSS vulnerability
Are you aware that you can configure kpdf to show nothing but the document? It's hard to beat that, in terms of screen real estate. This is what switched me from gv over to kpdf (that and kpdf is the first pdf viewer to obtain a decent "watch file" capability).A Firefox PDF plugin XSS vulnerability
No, there is basically no advantage to the browser plugin. It used to be that the browswer plugin was more networked than acroread, for things like hyperlinks outbound from the pdf back to the web. But acroread has sprouted sufficient tentacles to fill in such gaps.A Firefox PDF plugin XSS vulnerability
