User: Password:
|
|
Subscribe / Log in / New account

A Firefox PDF plugin XSS vulnerability

A Firefox PDF plugin XSS vulnerability

Posted Jan 4, 2007 17:22 UTC (Thu) by pr1268 (subscriber, #24648)
Parent article: A Firefox PDF plugin XSS vulnerability

Just out of curiosity, is there any motivation for GNU/Linux users to even use Adobe's PDF reader/plugin? I'm quite happy with my choice of KPDF, XPDF, and GPDF. I choose to view PDF files downloaded from the Internet in the separate viewer application, and I configure Firefox's MIME handler to open the appropriate application.

Is there something I'm missing by avoiding Adobe's PDF viewer?


(Log in to post comments)

A Firefox PDF plugin XSS vulnerability

Posted Jan 4, 2007 18:51 UTC (Thu) by kamil (subscriber, #3802) [Link]

Some PDF documents allow you to fill in some information before printing them out. Many application forms in PDF act that way. Can you fill in PDF documents using k/x/gpdf? You can with acroread.

Also, it's been my experience that acroread is in general more reliable in displaying PDF documents properly: no weird formatting problems and such. But I haven't tried recent versions of k/x/gpdf, so they could very well be better in this regard these days.

Having said that, I never enable the Adobe PDF browser plugin. It always seemed counterintuitive to me to have PDF documents displayed in a web browser. Last I checked, it also caused problems when switching the PDF viewer to fullscreen and back.

A Firefox PDF plugin XSS vulnerability

Posted Jan 4, 2007 19:00 UTC (Thu) by jwb (guest, #15467) [Link]

The quality of the rendering in Adobe Reader is far higher than any of the free clones. I spend a good chunk of my time reading data sheets for electronic components and they are pretty well unreadable in Evince/XPDF/KPDF. In Adobe Reader they look tremendous.

That said, I never use the browser plugin.

A Firefox PDF plugin XSS vulnerability

Posted Jan 5, 2007 8:35 UTC (Fri) by Los__D (guest, #15263) [Link]

Strange, I use quite a bit of electronic datasheets, and all of them them has looked perfect in Evince so far. (And yes, I have done comparisons to be sure, as I also have had less than acceptable results in the past).

This includes quite a bit of datasheets from Atmel, Micrel, Microchip (damn I hate PICs), Epson, TI, National, and way too many from suppliers that still think that photographs put into PDF's are perfectly acceptable.

A Firefox PDF plugin XSS vulnerability

Posted Jan 5, 2007 18:15 UTC (Fri) by jwb (guest, #15467) [Link]

Well, here's a comparison of Evince 0.6.1 versus Adobe Reader 7. I think you can see the difference in the quality of the line art.

http://tastic.brillig.org/~jwb/evince-vs-adobe.png
http://tastic.brillig.org/~jwb/evince-vs-adobe2.png

A Firefox PDF plugin XSS vulnerability

Posted Jan 6, 2007 5:51 UTC (Sat) by Los__D (guest, #15263) [Link]

I'm afraid that I'll have to wait until the 9th to check them out, I'm in Beijing right now, visiting my wife's parents, and since an earthquake took out the Chinese main Internet line, I'm browsing pages at around 2kB/s (On &*^$%@$#*&* IE/Windows)... After 5 minutes, I could more or less only see the top bar, and a little of the windowbar on one of the pictures, still nothing on the other...

But about lineart; I did a few comparisons myself a couple of months back, on an e-ticket, there was a little logo, which at 100% looked a bit nicer in acroread, but when you zoomed in, it actually looked nicer in Evince than in acroread... Maybe they just have differing rendering settings at different zoom levels, or something.

Dennis

A Firefox PDF plugin XSS vulnerability

Posted Jan 8, 2007 23:35 UTC (Mon) by roelofs (guest, #2599) [Link]

Well, here's a comparison of Evince 0.6.1 versus Adobe Reader 7. I think you can see the difference in the quality of the line art.

Very nice, thanks. That matches my own gut impressions: Adobe uses some very nice scaling and interpolation algorithms in its PDF viewers, not only on fonts but also on vector lines (as here) and on embedded bitmaps like scanned US patents. And they're reasonably fast at it, too. I can't tell if it's full multitap resampling, but...nice (to quote Borat).

I have no doubts free software will catch up before very long, though I am a little surprised we're not there already. (Different priorities, I guess. :-) )

Greg

A Firefox PDF plugin XSS vulnerability

Posted Jan 11, 2007 17:29 UTC (Thu) by endecotp (guest, #36428) [Link]

In your examples, the line art is anti-aliased in Acroread but not in Evince, and I think that the fonts are hinted in Acroread but not in Evince. These examples are consistent with what I've seen: you need to zoom in one or two more steps with xpdf to see the same amount of detail that you'd see in the Adobe product.

The anti-aliasing issue should be fixable - plenty of OSS graphics libraries can already do this. Getting the font rendering right is also possible - for example FreeType2 can do hinting - but it is patent-encumbered.

A Firefox PDF plugin XSS vulnerability

Posted Jan 5, 2007 12:14 UTC (Fri) by wookey (subscriber, #5501) [Link]

I have not used acroread since about 2002 and in the last year or so I have found that just about all PDFs finally render fine under either evince or xpdf (it used to be necessary to try 2 or 3 free viewers and still some docs gave problems). But there are still things that acrobat does better than the free browsers (I have found two bugs in fairly obscure area grouping opacity (or something like that) and clipping in the last two weeks due to some intensive use of therion, which aparently do not occur in acrobat). And there is the form-filling thing, which I have never missed, but some people might.

I posit that most users would find the free PDF viewers entirely adequate these days, and certainly if Adobe's has this serious flaw then stopping using it is the obvious thing to do. Hopefully some people who haven't used the free viewers for years will try them again as a result of this and be pleasantly surprised at how well they work now.

A Firefox PDF plugin XSS vulnerability

Posted Jan 5, 2007 14:03 UTC (Fri) by jschrod (subscriber, #1646) [Link]

Acroread has the ability to add comments, e.g., during review cycles. (One needs to have Acrobat for creation of such PDF documents, though.)

I have documents that I can only print in acroread; [xk]pdf just happen to do nothing, without any error message.

For some documents, acroread is much faster when one changes pages. One pays with the very long startup time, though.

Selecting texts (copy & paste) works better (that means: UI is more intuitive, action is more often successful) in acroread.

OTOH, I use xpdf a lot more than acroread due to its fast startup time. I use it also more often than kpdf since its desktop real estate need is smaller. I would never use any of these tools as browser plugin, though -- I want to have such documents in their own top-level windows.

Joachim

A Firefox PDF plugin XSS vulnerability

Posted Jan 10, 2007 3:02 UTC (Wed) by droundy (subscriber, #4559) [Link]

Are you aware that you can configure kpdf to show nothing but the document? It's hard to beat that, in terms of screen real estate. This is what switched me from gv over to kpdf (that and kpdf is the first pdf viewer to obtain a decent "watch file" capability).

A Firefox PDF plugin XSS vulnerability

Posted Jan 5, 2007 16:01 UTC (Fri) by k8to (subscriber, #15413) [Link]

No, there is basically no advantage to the browser plugin. It used to be that the browswer plugin was more networked than acroread, for things like hyperlinks outbound from the pdf back to the web. But acroread has sprouted sufficient tentacles to fill in such gaps.

The plugin has become a clunkier, crashier acroread that takes out your browser with it.


Copyright © 2018, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds