intrigeri wrote (08 Aug 2015 09:19:50 GMT) : > https://bugzilla.mozilla.org/show_bug.cgi?id=1179262#c30 reads: > "Notice that "pdfjs.disabled" shall not be used, at least without > switching the handler." Not sure how one would "switch the handler", > and perhaps it doesn't mean what I think anyway.
... on the other hand, https://access.redhat.com/articles/1563163 documents pdfjs.disabled=True as a mitigation. I trust RedHat security team to have verified that it indeed blocks exploitation. And Arch Linux' ASA-201508-1 also documents the same mitigation. > Romeo Papa, do you want to research this further? It would be very > useful to add a mitigation measure when mentioning this security issue > in the "Known issues" section of the 1.5~rc1 call for testing. s/add/document/ Cheers, -- intrigeri _______________________________________________ Tails-dev mailing list Tails-dev@boum.org https://mailman.boum.org/listinfo/tails-dev To unsubscribe from this list, send an empty email to tails-dev-unsubscr...@boum.org.
