Adobe Reader Bugs

There are a number of bugs in the Adobe Acrobat Plug-In for browsers, and in the free Adobe Reader 6 and 7. A malicious website may be able to caryy out cross-site scripting attacks because the browser plug-in doesn't correctly validate URI parameters. US CERT says that it appears the bugs were fixed in Adobe Reader 8. Read their report at http://www.kb.cert.org/vuls/id/815960. Stefano Di Paola, Giorgio Fedon, and Elia Florio are credited with finding these bugs. UPDATE: Adobe now has a bulletin at http://www.adobe.com/support/security/advisories/apsa07-01.html.

Acrobat Viewer for the Mac Only Likes Safari

If you want to view Adobe Acrobat PDF files within the Apple Safari web browser, you must be using Mac OS X 10.4.3 or later. Adobe says that the Adobe PDFViewer for Mac OS X won't work on older versions. Also, it will only work within Safari; it doesn't work with Firefox or Opera running on a Mac. See http://www.adobe.com/support/techdocs/333545.html for configuration information.