
Adobe CVEs - aburan28
https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=Adobe
======
josteink
Looking at crazy stuff like this, I'm so glad most browsers can render PDFs
natively and I don't have to rely on any Adobe software anymore.

~~~
mastazi
OK, but then again: [https://cve.mitre.org/cgi-
bin/cvekey.cgi?keyword=chrome+pdf](https://cve.mitre.org/cgi-
bin/cvekey.cgi?keyword=chrome+pdf)

~~~
lucb1e
Versus Firefox': [https://cve.mitre.org/cgi-
bin/cvekey.cgi?keyword=pdf.js](https://cve.mitre.org/cgi-
bin/cvekey.cgi?keyword=pdf.js)

~~~
josteink
Firefox is so utterly underrated these days. Such a shame. It's a good browser
which puts the user in control and just gets the job done.

~~~
swiley
They've been moving away from that though, try changing your user agent or
disabling JavaScript.

~~~
lucb1e
Agreed, they are moving with what's popular. I'm just afraid it's necessary to
keep market share. When moving browsers people allow a lot more disruption
compared to when a browser gets an update. To move forward, old thing probably
have to break... or at least, that's what I like to believe because otherwise
Firefox is becoming shit.

------
azinman2
How does Adobe allow this to happen? After enough of these over time, you'd
think they'd fine some way to invest majorly in securing their runtimes....
either via another language like Mozilla is doing with Rust, some provably
secure math-vm-thingie like Microsoft Research, massive security reviews &
reduction of attack surfaces like OpenBSD, or another CS-driven solution.

~~~
camus2
Adobe would definitely profit from languages such as Rust. But they are not a
"tech" company in the traditional sense anymore, I don't see them investing in
anything that doesn't yield high short term returns. It's a big company that
dominates the "creative" market, because it can impose its formats on an
industry that does not care about open technologies.

~~~
chenzhekl
Rust isn't a cure-all for every security issue.

~~~
pjmlp
True, and there are lots of security exploits that are caused by logical
error, but the majority of those CVEs are caused by memory corruption, use-
after-free and out-of-bounds memory corruption.

All errors avoidable in Rust, as well as other safe languages, outside unsafe
blocks.

------
pjmlp
Keywords for the safety minded ones:

\- exploitable memory corruption

\- exploitable heap overflow

\- exploitable use after free

