*** This bug is a security vulnerability ***

You have been subscribed to a public security bug by Seth Arnold (seth-arnold):

Hi,

Many of the refcards that can be found on DZone contain code that automatically 
opens an advertising URL:
http://refcardz.dzone.com/

In Evince, when the refcard is opened, the URL is automatically opened
in the default browser (FF in my case).

I know that this is part of the "new" PDF format specifications
(not so new, since it dates from Acrobat Reader 5.x).

However, I would like to see this behaviour stopped, or at least configurable, 
since:
- this is a strong privacy violation: using such connections, the owner of the 
URL knows that I have opened the pdf and can trace whatever I do with the pdf 
(what pages I look at, print, etc.)
- this is a strong security threat, since the URL might contain code and payload 
that exploits common browsers, breaks the security of the OS and takes control of 
the box on which the pdf has been opened.

PDF readers should not blindly execute any code present in (what should
be flat text) files that people download carelessly on the internet!

Thanks in advance for doing something to limit security and privacy
breaches in Linux boxes...

G.M.

** Affects: evince (Ubuntu)
     Importance: Undecided
         Status: New

-- 
evince automatically opens url
https://bugs.launchpad.net/bugs/1181551
You received this bug notification because you are a member of Ubuntu Bugs, 
which is subscribed to the bug report.
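
A triage check for the behaviour reported above, added here as an example (it is not part of the bug report or of Evince): it lists URLs that a PDF would open without a click. It assumes the automatic open is expressed through the PDF `/OpenAction` or `/AA` (additional actions) entries leading to a URI action, and that the objects are stored uncompressed; the sample bytes and function names are constructed for illustration.

```python
import re

# Constructed sample (not from any real refcard): the catalog's /OpenAction
# points at a URI action, so a viewer that honours it fetches the URL on open.
SAMPLE_AUTO = (
    b"%PDF-1.4\n"
    b"1 0 obj\n<< /Type /Catalog /Pages 2 0 R /OpenAction 4 0 R >>\nendobj\n"
    b"4 0 obj\n<< /Type /Action /S /URI /URI (http://ads.example.invalid/t?id=1) >>\nendobj\n"
)

OBJ_RE = re.compile(rb"(\d+)\s+(\d+)\s+obj\b(.*?)\bendobj", re.S)
TRIGGER_RE = re.compile(rb"/(?:OpenAction|AA)\b")   # document-open / additional actions
REF_RE = re.compile(rb"(\d+)\s+(\d+)\s+R\b")        # indirect reference "N G R"
URI_RE = re.compile(rb"/URI\s*\(([^)]*)\)")         # literal-string URI only


def _dict_span(buf: bytes) -> bytes:
    """Return the balanced << ... >> dictionary at the start of buf."""
    depth = 0
    for m in re.finditer(rb"<<|>>", buf):
        depth += 1 if m.group() == b"<<" else -1
        if depth == 0:
            return buf[:m.end()]
    return buf


def _action_bytes(rest: bytes, objs: dict) -> bytes:
    """Resolve the value after a trigger key to the bytes of its action(s)."""
    rest = rest.lstrip()
    ref = REF_RE.match(rest)
    if ref:                                   # /OpenAction 4 0 R
        return objs.get(int(ref.group(1)), b"")
    if rest.startswith(b"<<"):                # inline dict, maybe holding refs
        inner = _dict_span(rest)
        return inner + b"".join(objs.get(int(n), b"") for n, _ in REF_RE.findall(inner))
    return b""                                # e.g. a plain destination array


def auto_open_uris(pdf: bytes) -> list:
    """URIs reachable from automatic triggers, as opposed to clickable links."""
    objs = {int(m.group(1)): m.group(3) for m in OBJ_RE.finditer(pdf)}
    found = []
    for body in objs.values():
        for trig in TRIGGER_RE.finditer(body):
            target = _action_bytes(body[trig.end():], objs)
            found += [u.decode("latin-1") for u in URI_RE.findall(target)]
    return found


if __name__ == "__main__":
    print(auto_open_uris(SAMPLE_AUTO))
```

Objects held in compressed object streams, hex-encoded URI strings and JavaScript actions are not seen by this byte-level scan, so an empty result on a real file is not proof that nothing opens automatically.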
