[kibwen]

The stronger argument for pdf.js is that you get to leverage the Javascript sandbox instead of having to sandbox a native code binary (or worse, support a plugin interface and hand over the keys to the system).

[revelation]

Except they, naturally, found that all this sandboxing was a tad too restrictive, and ended up adding Apple-esque exceptions for their own code.

And in doing so, a critical vulnerability:

https://www.mozilla.org/en-US/security/advisories/mfsa2015-7...

[icebraining]

They are not "Apple-esque exceptions for their own code". All JS code running as browser extensions have those permissions.