Mailinglist Archive: opensuse-security (21 mails)

< Previous Next >
Re: [opensuse-security] disabling javascript on acroread
  • From: Michel Messerschmidt <lists@xxxxxxxxxxxxxxxxxxxxxxx>
  • Date: Mon, 23 Feb 2009 23:01:54 +0100
  • Message-id: <20090223220154.GA9703@xxxxxxxxxxxx>
On Mon, Feb 23, 2009 at 11:32:06AM +0000, Bob Vickers wrote:
The latest acroread bug
http://www.adobe.com/support/security/advisories/apsa09-01.html
makes me wonder if there is a way of disabling javascript on a systemwide
basis for acroread and the acroread browser plug-in.

I have done some googling and there is plenty of advice on disabling it
for an individual via the GUI but I would like to do it centrally for 300
users who are not very good at reading email.

Acrobat implements many features (including javascript) as plugins.
The javascript plugin is called EScript.api and is located in the
plug_ins directory of the acrobat installation. I'm not sure for current
suse systems, but here it's located in
/usr/lib/Adobe/Reader8/Reader/intellinux/plug_ins/.

If you remove the EScript.api file from the plug_ins directory, Acrobat
can't use javascript anymore.
Although strongly recommended for security reasons, you should be aware
that there are side effects (many other plugins depend on javascript).


HTH,
Michel
--
~> rpm -q --whatrequires linux
no package requires linux
< Previous Next >
References