Notifying Foxit of Security Issues

Foxit takes security very seriously and aims to deal quickly with any security-related problem associated with a Foxit product. To help us serve you best, please report potential security vulnerabilities to security-ml@foxitsoftware.com.

Support Note: Secunia Advisory SA43776

On March 15, 2011, a Secunia security advisory was issued (http://secunia.com/advisories/43776/) regarding Foxit® Reader. The vulnerability is due to an insecure “createDataObject()” function in the JavaScript API. This function allows the creation of arbitrary files with controlled content via a specially crafted PDF file. It could be used maliciously to compromise the security of your computer.

To protect against harm, Foxit Reader users need to update their Reader to the latest version and then enable Safe Reading Mode. The most up-to-date Foxit Reader can be installed by choosing Help->Check for Updates Now. When the pop-up box appears, click the Preferences box at the bottom and then enable the option to automatically check for Foxit updates. Safe Reading Mode can be enabled by choosing Tools->Preference->Trust Manager and then selecting the Enable Safe Reading Mode option. This can also be done during initial installation of Foxit Reader. Safe Reading Mode lets users control unauthorized actions and data transmissions, including URL connections, launching external files, and running JavaScript functions, to efficiently avoid attacks from malicious documents. If Safe Reading Mode is disabled, users must open only trusted PDF documents to guard against malicious attacks.

If you have any questions regarding this advisory, or any other questions, please contact Foxit by phone (+1-866-MYFOXIT or +1-866-693-6948) or email us at support@foxitsoftware.com.

How to send security reports:

To report a security issue associated with a Foxit product or any Foxit website, including Foxit-hosted web applications, please email security-ml@foxitsoftware.com. If you just need more information about security advisories, visit http://www.foxitsoftware.com/support/security_bulletins.php or e-mail support@foxitsoftware.com.

Mail sent to this address will be monitored by Foxit’s Technical Team. We will respond appropriately to reports of a new security issue with any Foxit product. To help us research and respond effectively, please include the following information in your email:

  • A subject that includes "Security vulnerability".
  • A complete description of the problem.
  • An explanation of how you found the problem and how it can be reproduced.
  • The appropriate URL, if relevant.
  • Any relevant system information (e.g. OS version, database, SMTP server).
  • Version and edition of all the Foxit products involved.
  • Your contact information, including name, phone and email, in case we need to contact you for additional information.