evince automatically opens url
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
evince (Ubuntu) |
Triaged
|
Wishlist
|
Unassigned |
Bug Description
Hi,
Many of the refcards that can be found on DZone contain code that automatically opens an advertising URL:
http://
In Evince, when the refcard is opened, the URL is automatically opened in the default browser (FF in my case).
I know that this is part of the specifications of the "new" pdf format specifications (not so new, since it dates AcrobatReader 5.x).
However, I would like to see this behaviour stopped, or at least configurable, since:
- this is a strong privacy violation: using such connexions, the owner of the URL knows that I have opened the pdf and can trace whatever I do with the pdf (what pages I look, I print, etc.)
- this is a strong security treat, since the URL might contain code and payload that exploits common browsers, break the security of the OS and take control of the box on which the pdf has been opened.
PDF readers should not blindly execute any code present in (what should be flat text) files that people download carelessly on the internet!
Thanks in advance for doing something to limit security and privacy breaches in linux boxes...
G.M.
information type: | Private Security → Public Security |
Changed in evince (Ubuntu): | |
status: | New → Triaged |
importance: | Undecided → Wishlist |