Adobe Acrobat critical vulnerability

In case you haven’t heard yet (I hadn’t – I’ve been busy with other technical problems), there is a critical buffer overflow vulnerability in all versions of Acrobat Reader and Acrobat Standard. It affects all platforms, including GNU/Linux, Mac, and Windows. And get this: it was announced February 19, but it’s not due to be patched until March 18! This is apparently the latest in a rash of Acrobat vulnerabilities over the last several months.

Adobe’s response is a huge disappointment.  Just about everybody has Acrobat Reader.  So the fact that it leaves a hole for crackers to subvert the system it’s on, regardless of operating system, is a HUGE problem and shouldn’t sit open for a full month as a known, widespread, critical vulnerability with no patch.  Their announcement says they’ll be patching versions 7 and 8 too… and affected versions are “9.0 and earlier.”  Translation: this problem has been around for years – maybe since day one.  They’re just getting around to fixing it now, and taking their sweet time too considering how serious it is.  That’s a little too careless for my taste.  I’ve uninstalled Acrobat for good and will be using KGhostView from now on.  There, it’s patched!  🙂

Here’s how to get your “patch” before March 18:

GNU/Linux: In the true spirit of open source, GNU/Linux has a wide variety of suitable replacements. Some of the most popular ones are KPDF, Evince, Xpdf, and KGhostView. Just search your package manager for anything with pdf in the description and you’ll probably have at least 2 or 3 choices, with at least one already pre-installed. Much better than downloading and installing the ridiculously fat 47 MB Acrobat Reader file!

Mac: There is a built-in PDF viewer, but you’re not necessarily any safer even if you’re not using Acrobat, because of a PDFKit vulnerability.  **UPDATE** – Apple has released a patch – however, despite my best search efforts I couldn’t find a link to post here.  Sorry Mac users, I can only point you to Apple’s main website.

Windows: People on the forums are suggesting Foxit Reader as an alternative. Disclaimer: I haven’t used it, and this program itself had a similar critical buffer overflow issue until May 2008 or so. But hey, at least it’s safer than Acrobat right now. Nice bonus: the file download is a scant 3 MB, compared to the bloated 21 MB of Acrobat Reader.

Be safe!

Ω

Modifying Firefox and Thunderbird menu fonts

I use Mozilla Firefox for browsing and Mozilla Thunderbird for e-mail… two awesome free software apps you can run on GNU/Linux, MacOS, or Windows.

One niggling annoyance I found with these, however, is that changing your fonts in KDE or Gnome changes the fonts for every other application on your system except for these two holdouts. That’s because they use something separate to generate their menus, called XML User Interface Language (XUL). The good news is this is easy to remedy by creating and modifying a file called userChrome.css. If you understand CSS you can also tweak it to your heart’s content. Most of the time, Firefox keeps your data in

/home/yourusername/.mozilla/firefox/randomcharacters.default

and Thunderbird in

/home/yourusername/mozilla-thunderbird/randomcharacters.default

In those folders should be a folder named chrome, where userChrome.css needs to go. The Firefox chrome folder also contains an example file called (of all things) userChrome-example.css if you’d like something more detailed. But if you just want a quick way to change all the fonts at once, here is an example userChrome.css. Notice that a font with spaces in it needs “quotes” around it:

/*
* Do not remove the @namespace line -- it's required for correct functioning
*/
@namespace url("http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul"); /* set default namespace to XUL */

/* Added manually to fix Mozilla fonts */
* {
    font-size: 10pt !important;
    font-family: "Liberation Serif", Serif !important;
}

You can change the font-size up or down, higher numbers for larger fonts. Between the quotes after font-family, you can put the name of any font installed on your system… Liberation Serif, Arial, Verdana, Times New Roman, etc. Here I’ve set it to use Liberation Serif, and fall back to Serif if Liberation Serif becomes unavailable for some reason (such as if I transfer my data to another computer).

You can do this once each for Thunderbird and Firefox… problem solved!
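
The steps above as a small shell function (an added example, not part of the original post): it writes the same userChrome.css into the chrome folder of every randomcharacters.default profile under a base directory and leaves any existing file untouched. The function name write_user_chrome and its arguments are made up for this illustration.

```shell
#!/bin/sh
# write_user_chrome BASE_DIR FONT SIZE_PT   (hypothetical helper name)
#   BASE_DIR  directory that holds the randomcharacters.default folders
#   FONT      font family name, e.g. "Liberation Serif"
#   SIZE_PT   font size in points, digits only
# Prints the number of userChrome.css files it created.
write_user_chrome() {
    base=$1
    font=$2
    size=$3

    # Refuse values that would break out of the CSS declaration
    case $size in
        ''|*[!0-9]*) echo "size must be a whole number of points" >&2; return 2 ;;
    esac
    case $font in
        ''|*\"*|*\\*) echo "font name is empty or has a quote or backslash" >&2; return 2 ;;
    esac

    count=0
    for profile in "$base"/*.default; do
        [ -d "$profile" ] || continue       # the glob matched nothing
        mkdir -p "$profile/chrome"
        target="$profile/chrome/userChrome.css"
        # Keep an existing file rather than overwrite manual tweaks
        if [ -e "$target" ]; then
            echo "skipped (already exists): $target" >&2
            continue
        fi
        cat > "$target" <<EOF
/* Do not remove the @namespace line -- it's required for correct functioning */
@namespace url("http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul");

/* Added to fix Mozilla fonts */
* {
    font-size: ${size}pt !important;
    font-family: "${font}", Serif !important;
}
EOF
        count=$((count + 1))
    done
    echo "$count"
}

# Run only when a base directory is given on the command line
if [ "$#" -ge 1 ]; then
    write_user_chrome "$1" "${2:-Liberation Serif}" "${3:-10}"
fi
```

Run it once with the Firefox base directory and once with the Thunderbird one, then restart each program so it reads the new file.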

Ω