The Register® — Biting the hand that feeds IT


Foxit outfoxes fiendish flaw to fix foxed-up Firefox PDF plugin

Buffer-boundary bashing bug blatted


Foxit Software has fixed a critical security hole in its PDF plugin for web browsers.

A bug in the code allowed overly long URLs in web links to crash the utility - billed as a "better" alternative to Adobe's software - or potentially inject malicious code into vulnerable Windows systems. The stack-based buffer overflow flaw is present in versions 5.4.4 and earlier of the software.

Users of the PDF-viewing plugin are advised to update to version 5.4.5 as explained in an advisory by Foxit. The company credits Danish security notification firm Secunia and Core Security Technologies for finding and confirming the issue in the Firefox build of the software, respectively. ®


Foxit

I use Foxit but the real point is that diversity is key. If PDF is supposed to be a standard we shouldn't have a monoculture of one single PDF reader. Inevitably it will get bought by a careless profit-driven monolith like Adobe and Microsoft who will use it as a platform to start churning out shit.

Anonymous Coward

useful

This flap led me to discover Sumatra PDF reader, which seems a great deal smaller, faster and less spammy than Foxit, so it was actually a useful exercise :)


Re: useful

Possibly Reg-ers are appalled by the default acid yellow background of Sumatra PDF?

Fix it by adding bg-color to the shortcut, as in

"C:\Program Files\SumatraPDF\SumatraPDF.exe" -bg-color 0xF2F8FD

(a delicate pale blue in RGB).

