February 19, 2013, 4:53 PM — Mozilla today released Firefox 19, adding a built-in PDF viewer to the browser.
The integrated viewer was the one noticeable change to users, although Mozilla enhanced under-the-hood features as well for website developers, and added support for additional HTML5 standards.
Firefox 19 also included patches for 13 security vulnerabilities, 10 pegged as "critical," the company's most severe threat ranking.
But the inclusion of a PDF viewer was what Firefox users will see. The viewer was once slated for Firefox 18 -- it was part of that edition's beta -- but Mozilla pulled the component before shipping the browser early last month, delaying it until the next iteration in its every-six-week release cycle.
But unlike Chrome's PDF viewer, which operates inside the browser's anti-exploit sandbox, Firefox's does not sport similar defenses. And that matters, as PDF documents are often rigged with malicious code.
Adobe, for example, said last weekend that it plans to patch the Reader plug-in this week to stifle attacks exploiting a pair of vulnerabilities. And Foxit, another popular PDF browser plug-in, quashed a bug of its own less than five weeks ago.
Even sans a sandbox, Mozilla claimed its PDF viewer would be more secure than traditional plug-ins such as Adobe Reader. "Many of these plug-ins come with proprietary, closed source code that could potentially expose users to security vulnerabilities," said Bill Walker and Brendan Dahl, engineering manager and software engineer at Mozilla, respectively, in a January blog announcing the viewer.
But security experts have pointed out that Firefox's PDF viewer will likely suffer bugs of its own.