
PDF.js


Original author: Andreas Gal
Developer: Mozilla
Release: 2 July 2011[1]
Stable release: 6.0.227[2] / May 30, 2026
Written in: JavaScript, CSS, HTML
Platform: JavaScript engine, web browser
Size: 3.94 MB[1]
Type: PDF viewer
License: Apache License 2.0[3]
Website: mozilla.github.io/pdf.js/

PDF.js is a JavaScript library that renders Portable Document Format (PDF) files using the web standards-compliant HTML5 Canvas. Andreas Gal launched the project in 2011, initially as an experiment, and it is now led by the Mozilla Corporation.

History and application


PDF.js was originally created as an extension for Firefox.[4] It has been included in Firefox since 2012 (version 15)[5][6] and enabled by default since 2013 (version 19).[7][8] It was added to Firefox for Android in 2023 (version 111).[9][10]

The project was created to provide a way to view PDF documents natively in the web browser. This prevents potential security risks of opening PDF documents outside a browser, because the code that displays the document is sandboxed in the browser.[11] The implementation uses the HTML5 Canvas element, which allows for fast rendering speeds.[11]

PDF.js is also used in Thunderbird,[12] ownCloud[13] and Nextcloud,[14][15] and is available as a browser extension for Google Chrome/Chromium,[16] Pale Moon[17][18] and SeaMonkey.[18][19]

It can be integrated or embedded in a web or native application to enable PDF rendering and viewing, and allows advanced uses such as server-side rendering.

Many web applications, including Dropbox,[20] Slack,[21] and LinkedIn Learning[22] integrate PDF.js to enable previewing PDF documents.

Behavior


According to a benchmark by Mozilla, PDF.js is performant for viewing most common PDF files, while it may have some issues with large or 'graphics-heavy' documents.[23]

PDF.js supports most of the PDF specification (including form support and XFA[24]), but some features have not yet been implemented, which may affect rendering depending on the features a document uses.[25]

Several PDF/X or optional PDF features that are not supported in PDF.js include:

The PDF.js contributor community also notes that the behavior of PDF.js varies with the browser's support for the features PDF.js requires.[29] Performance and reliability are best on Chrome and Firefox, which are fully supported and subject to automated testing.

Security


Because PDF.js parses untrusted documents inside the browser, it has been the subject of several disclosed vulnerabilities. In 2015, CVE-2015-2743 documented excessive privileges for internal workers in PDF.js, which was addressed in Firefox 39 and the ESR branches 31.8 and 38.1.[30][31] A related Metasploit module exploited a privileged JavaScript injection in Firefox 35 and 36 through the PDF viewer.[32]

In 2018, CVE-2018-5158 disclosed that PDF.js did not sufficiently sanitize PostScript calculator functions, allowing crafted PDF files to inject JavaScript with the privileges of the embedding page.[33][34][35]

A more widely reported issue, CVE-2024-4367, was disclosed in May 2024 by researchers at Codean Labs.[36] The vulnerability stems from a missing type check in PDF.js font handling, where a custom FontMatrix embedded in PDF metadata could be coerced into a string and reach eval, enabling arbitrary JavaScript execution within the PDF.js context.[37] Mozilla addressed the issue in PDF.js 4.2.67, Firefox 126, Firefox ESR 115.11 and Thunderbird 115.11.[38] National advisories were issued by the New York State Office of Information Technology Services and the Cyber Security Agency of Singapore.[39][40]
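The bug class described for CVE-2024-4367, shown as an added example that is not PDF.js source code: a simplified model in which a document-supplied matrix is concatenated into generated source, next to the same path with a type check in front of it. The function names, the default matrix and the constructed input are assumptions made for illustration.

```javascript
// Added example: a simplified model of the bug class, not PDF.js source code.
// All function and variable names here are hypothetical.

// Fallback used when the document-supplied matrix is rejected (assumed default).
const DEFAULT_FONT_MATRIX = [0.001, 0, 0, 0.001, 0, 0];

// The type check: accept only an array of exactly six finite numbers.
function validateFontMatrix(value) {
  if (!Array.isArray(value) || value.length !== 6) return null;
  for (const n of value) {
    if (typeof n !== "number" || !Number.isFinite(n)) return null;
  }
  return value.slice();
}

// Code generation by string concatenation: every element is coerced to a
// string and becomes part of the source text that is later compiled.
function generateSource(matrix) {
  return "const m = [" + matrix.join(",") + "]; return m;";
}

// Unchecked path: whatever the document supplied reaches the compiler.
function compileUnchecked(untrusted) {
  return new Function(generateSource(untrusted));
}

// Checked path: only validated numbers reach the compiler.
function compileChecked(untrusted) {
  const matrix = validateFontMatrix(untrusted) ?? DEFAULT_FONT_MATRIX;
  return new Function(generateSource(matrix));
}

// Constructed input: the last element is a string, not a number. The marker
// assignment is harmless and only shows whether the text was executed.
const constructedMatrix = [0.001, 0, 0, 0.001, 0, "0]; globalThis.fontMatrixMarker = true; [0"];

function runDemo() {
  delete globalThis.fontMatrixMarker;
  compileUnchecked(constructedMatrix)();
  const uncheckedRan = globalThis.fontMatrixMarker === true;
  delete globalThis.fontMatrixMarker;
  const result = compileChecked(constructedMatrix)();
  const checkedRan = globalThis.fontMatrixMarker === true;
  return { uncheckedRan, checkedRan, result };
}

console.log(runDemo());
```

Applying the matrix as data, with no generated source at all, removes the sink as well as the missing check.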


References

  1. "Releases · mozilla/pdf.js". GitHub. Retrieved 12 March 2021.
  2. "Release 6.0.227". 30 May 2026. Retrieved 31 May 2026.
  3. "pdf.js/LICENSE at master · mozilla/pdf.js". GitHub. 17 February 2022.
  4. "PDF Viewer (discontinued)". addons.mozilla.org. Archived from the original on 5 December 2015. Retrieved 2 December 2015.
  5. Parfeni, Lucian (30 April 2012). "PDF.JS and Download Manager Panel Pushed to Firefox 15". Softpedia. SoftNews. Retrieved 15 May 2026.
  6. Blagoveschenskiy, Anton (29 August 2012). "Вышла новая версия браузера Firefox 15" [New version 15 of the Firefox browser released]. Rossiyskaya Gazeta (in Russian). Retrieved 9 September 2012.
  7. "Bug 773397 – Disable pdf.js prior to FF15 beta 5". bugzilla.mozilla.org. Retrieved 15 May 2026.
  8. "Firefox 19.0 Release Notes". mozilla.org. Retrieved 30 April 2013.
  9. "Firefox for Android 111.0, See All New Features, Updates and Fixes". www.mozilla.org. Retrieved 19 April 2024.
  10. Adhikari, Sumit (16 March 2023). "Firefox 111 for Android brings Total Cookie Protection & PDF viewer". Android Headlines. Retrieved 15 May 2026.
  11. Shankland, Stephen (24 June 2011). "Mozilla eyes hassle-free PDFs on the Web". CNET. Retrieved 24 May 2022.
  12. "810815 - Integrate pdf.js to Thunderbird". bugzilla.mozilla.org. Retrieved 28 January 2022.
  13. "owncloud/files_pdfviewer". ownCloud. 8 February 2020. Retrieved 28 March 2020.
  14. "nextcloud/files_pdfviewer". Nextcloud. 18 March 2020. Retrieved 28 March 2020.
  15. "PDF viewer - Apps - App Store - Nextcloud". apps.nextcloud.com. Retrieved 28 March 2020.
  16. "PDF Viewer". Chrome Web Store. Retrieved 15 May 2026.
  17. "Add-ons - Moon PDF Viewer". Pale Moon - Add-ons. Archived from the original on 3 January 2020. Retrieved 4 May 2021.
  18. "IsaacSchemm/pdf.js-seamonkey: SeaMonkey fork of pdf.js". GitHub. Archived from the original on 6 December 2020. Retrieved 4 May 2021.
  19. "PDF Viewer for SeaMonkey". Add-ons for SeaMonkey. 25 April 2020. Archived from the original on 13 January 2020. Retrieved 13 January 2020.
  20. Lauraharrisneal. "Annotations on Document Previews". dropbox.tech. Retrieved 5 August 2021.
  21. "What matters to you, matters to us. - Slack Engineering". Slack Engineering. 16 November 2016. Retrieved 5 August 2021.
  22. Rawat, Anurag (24 April 2019). "Under the hood: Learning with documents". engineering.linkedin.com. Retrieved 5 August 2021.
  23. Bochenek, Thorben (8 May 2014). "How fast is PDF.js? – Mozilla Hacks - the Web developer blog". Mozilla. Retrieved 15 May 2026.
  24. "1706133 - (pdf-xfa) [meta] XFA support". bugzilla.mozilla.org. Retrieved 28 January 2022.
  25. "Guide to Evaluating PDF.js Rendering". PDFTron. Retrieved 5 August 2021.
  26. "ICC profiles support for images · Issue #2856 · mozilla/pdf.js". GitHub. Retrieved 24 May 2022.
  27. "Overprint Support · Issue #7360 · mozilla/pdf.js". GitHub. Retrieved 24 May 2022.
  28. "Issue about knockout groups. · Issue #3136 · mozilla/pdf.js". GitHub. Retrieved 24 May 2022.
  29. "Frequently Asked Questions · mozilla/pdf.js Wiki". GitHub. Retrieved 5 August 2021.
  30. "CVE-2015-2743". CVE Details. Archived from the original on 4 June 2016. Retrieved 15 May 2026.
  31. "cve-2015-2743". nvd.nist.gov. Retrieved 15 May 2026.
  32. "Mozilla Firefox 'pdf.js' Privileged JavaScript Injection (Metasploit)". Exploit Database. Offensive Security. 2015. EDB-ID:37958. Archived from the original on 12 September 2015. Retrieved 15 May 2026.
  33. "CVE-2018-5158". GitHub Advisory Database. Retrieved 15 May 2026.
  34. "CVE-2018-5158". nvd.nist.gov. Retrieved 15 May 2026.
  35. "CVE-2018-5158". CVE Details. Archived from the original on 18 August 2019. Retrieved 15 May 2026.
  36. "cve-2024-4367". nvd.nist.gov. Retrieved 15 May 2026.
  37. Suijten, Thomas (20 May 2024). "CVE-2024-4367: Arbitrary JavaScript execution in PDF.js". Codean Labs. Archived from the original on 20 June 2024. Retrieved 15 May 2026.
  38. "Security Vulnerabilities fixed in Firefox 126 — Mozilla Foundation Security Advisory 2024-21". Mozilla. 14 May 2024. Archived from the original on 15 June 2024. Retrieved 15 May 2026.
  39. "A Vulnerability in Mozilla PDF.js Could Allow for Arbitrary Code Execution". its.ny.gov. New York State Office of Information Technology Services. 2024. Retrieved 15 May 2026.
  40. "High-Severity Vulnerability in Mozilla PDF.js". Cyber Security Agency of Singapore. 2024. Archived from the original on 13 June 2025. Retrieved 15 May 2026.