** Changed in: evince (Ubuntu)
Status: New => Triaged
** Changed in: evince (Ubuntu)
Importance: Undecided => Wishlist
--
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to evince in Ubuntu.
https://bugs.launchpad.net/bugs/1181551
Title:
evince automatically opens url
Status in “evince” package in Ubuntu:
Triaged
Bug description:
Hi,
Many of the refcards that can be found on DZone contain code that
automatically opens an advertising URL:
http://refcardz.dzone.com/
In Evince, when the refcard is opened, the URL is automatically opened
in the default browser (FF in my case).
I know that this is part of the specifications of the "new" pdf format
specifications (not so new, since it dates AcrobatReader 5.x).
However, I would like to see this behaviour stopped, or at least
configurable, since:
- this is a strong privacy violation: using such connexions, the owner of the
URL knows that I have opened the pdf and can trace whatever I do with the pdf
(what pages I look, I print, etc.)
- this is a strong security treat, since the URL might contain code and
payload that exploits common browsers, break the security of the OS and take
control of the box on which the pdf has been opened.
PDF readers should not blindly execute any code present in (what
should be flat text) files that people download carelessly on the
internet!
Thanks in advance for doing something to limit security and privacy
breaches in linux boxes...
G.M.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/evince/+bug/1181551/+subscriptions
--
Mailing list: https://launchpad.net/~desktop-packages
Post to : [email protected]
Unsubscribe : https://launchpad.net/~desktop-packages
More help : https://help.launchpad.net/ListHelp
