Advice Request Is the thunderbird PDF reader secure?

[eonline]

Hello everyone, I wanted to know if the built-in thunderbird reader is safe to read pdf. Thank you very much in advance. Best regards.

 

[upnorth]

Hello everyone, I wanted to know if the built-in thunderbird reader is safe to read pdf. Thank you very much in advance. Best regards.

Not sure why it wouldn't or do you have some info or seen something that might be interesting for Thunderbird users?

 

[SpiderWeb]

That's a good question. I don't know if Thunderbird supports fission or sandboxing to isolate processes. I couldn't find any good documentation so I'm gravitating towards No.

 

[Freki123]

You can always think about forcing Thunderbird inside sandboxie classic (or plus).

 

[silversurfer]

Thunderbird running on multi-process architecture since version 91:

New​

• Thunderbird now operates in multi-process (e10s) mode by default

Release Notes

Thunderbird is a free email application that’s easy to set up and customize - and it’s loaded with great features!

www.thunderbird.net

 

[upnorth]

Thunderbird 91 is available as a manual upgrade - gHacks Tech News

Thunderbird 91, a new major version of the open source cross platform email and communication client, has been released.

www.ghacks.net

Not too hard to find, but PDF.js ( same viewer that's used by default in Firefox ) was integrated in Thunderbird version 91 released August 2021, and wow that's a pretty busy bee of developers on Github.

Simply keeping Thunderbird updated, I have a hard time see where this actually could be dangerous enough and extra since I personal as a malware hunter very rarely stumbles over actual alive and still kicking in the wild genuine malicious pdf samples. The majority of those are phishing attacks. Phishing links normally have a very short time span where they are still active. Even a CVE search gives very little info:

Pdf.js Viewer Project Pdf.js Viewer security vulnerabilities, CVEs, versions and CVE reports

Pdf.js Viewer Project Pdf.js Viewer security vulnerabilities, CVEs, exploits, metasploit modules, vulnerability statistics and list of versions

www.cvedetails.com

but click around too much anywhere on pdf files, is bound to ask for trouble no matter what OS, browser, software etc as it's delusional at best claim something is 100% bulletproof/secure.

 

[shmu26]

PDF readers are vulnerable mainly because they support scripts. The simple ones, such as Sumatra, do not support scripts and are therefore quite secure. I don't think the thunderbird pdf reader is built to support scripts.

 

[eonline]

I was looking around a bit and it can run javascript if it is the same reader as Firefox. I don't know if this can be dangerous or not. The point is that I always open pdfs from very secure sources so I guess there are no problems. Thank you all very much.

 

[ForgottenSeer 94943]

I cannot comment on its security, but I prefer using a dedicated PDF reader, Wonderahare PDFelement in my case.

I don't download PDFs from unknown sources.