Foxit v3.0 was found to be comparable to Adobe Reader. Early versions of Foxit Reader were notable for startup performance and small file size. Foxit Reader is developed by Fuzhou, China-based Foxit Software. Linux (Ubuntu 16.10, Red Hat 7.x, SUSE 13.2)Įnglish, French, German, Italian, Portuguese, Russian, Spanish and 35 other languagesįoxit PDF Reader (formerly Foxit Reader) is a multilingual freemium PDF ( Portable Document Format) tool that can create, view, edit, digitally sign, and print PDF files."At the moment the best mitigation is to disable this add-on in browsers and use other software e.g. "We have confirmed the vulnerability using Firefox, Opera, and Safari," Chaitanya Sharma, advisory team lead at Secunia, said Thursday via email. However, she could not immediately answer additional questions. A report about the issue was forwarded to the company's Security Rapid Response Team for further investigation, a Foxit sales and service representative said Thursday via email. In fact, Foxit, the company that develops the application, claims on its website that Foxit Reader is "the most secure PDF reader" and is "better than Adobe PDF Reader and Acrobat." According to the company, the program is used by over 130 million users.įoxit has yet to confirm the existence of the vulnerability and publish a security advisory about it. In the past, Foxit Reader has been suggested by some people in the security community as a more secure and less attacked alternative to Adobe Reader.
However, older versions might also be affected, Secunia said.īy default, Foxit Reader installs the plug-in for Mozilla Firefox, Google Chrome, Opera and Safari Web browsers. The vulnerability has been confirmed in npFoxitReaderPlugin.dll version 2.2.1.530, which is installed by Foxit Reader 5. "Successful exploitation allows execution of arbitrary code." an overly long file name in the URL," Secunia said. "The vulnerability is caused due to a boundary error in the Foxit Reader plugin for browsers (npFoxitReaderPlugin.dll) when processing a URL and can be exploited to cause a stack-based buffer overflow via e.g.
0 kommentar(er)
