Hacker News new | ask | show | jobs
by _joev 3966 days ago
That's not true. There have been PDF.js exploits that lead straight to RCE. This has the additional downside of leading to immediate compromise on every platform.

Example (used by Mariusz Mlynski to win Pwn2Own this year): https://www.mozilla.org/en-US/security/advisories/mfsa2015-3...
1 comments
_wmd 3966 days ago
Thanks for the link, and bummer, too late to edit my comment.. now I'll be wrong on the Internet for perpetuity :)
link
shimshim 3966 days ago
join the club
link