Foxit outfoxes fiendish flaw to fix foxed-up Firefox PDF plugin
Buffer-boundary bashing bug blatted
Foxit Software has fixed a critical security hole in its PDF plugin for web browsers.
A bug in the code allowed overly long URLs in web links to crash the utility - billed as a "better" alternative to Adobe's software - or potentially inject malicious code into vulnerable Windows systems. The stack-based buffer overflow flaw is present in versions 5.4.4 and earlier of the software.
Users of the PDF-viewing plugin are advised to update to version 5.4.5 as explained in an advisory by Foxit. The company credits Danish security notification firm Secunia and Core Security Technologies for finding and confirming the issue in the Firefox build of the software, respectively. ®
I use Foxit but the real point is that diversity is key. If PDF is supposed to be a standard we shouldn't have a monoculture of one single PDF reader. Inevitably it will get bought by a careless profit-driven monolith like Adobe and Microsoft who will use it as a platform to start churning out shit.
This flap led me to discover Sumatra PDF reader, which seems a great deal smaller, faster and less spammy than Foxit, so it was actually a useful exercise :)
Possibly Reg-ers are appalled by the default acid yellow background of Sumatra PDF?
Fix it by adding bg-color to the shortcut, as in
"C:\Program Files\SumatraPDF\SumatraPDF.exe" -bg-color 0xF2F8FD
(a delicate pale blue in RGB).