Dangerzone (PDF Sandboxing)


Take potentially dangerous PDFs, office documents, or images and convert them to safe PDFs.

Would it be more convenient to use Dangerzone than using pdf.js with a sandboxed browser (such as Chromium (Brave doesn’t use it) or Firefox) in a virtual machine without network access? Because this method is an overkill for the average user.


Even I wanted to know if opening pdf in Firefox is good as it has all the features which I use in SumatraPDF.
This would help me in reducing one more software for just pdf docs.

1 Like

I have been wanting to try out Dangerzone for a while now. However it seems the fedora package is broken at the moment.

I will definitely have to give dangerzone a shot on my Ubuntu machine though. :thinking:

Relevant links regarding fedora support, for anyone interested.
Dangerzone mastodon post on the issue
github issue concerning fedora 39 support

1 Like

Assuming the payload isnt in the PDF itself (that VirusTotal would /should find), would temporarily disconnecting from the internet be sufficient or is there something more?

I dont think we should be opening PDFs directly into browsers as well?

1 Like

I think opening a PDF in a (Chromium) browser is still the safest place* because all tabs are sandboxed. You would need an exploit chain to break out of there and considering the speed in which Chromium CVEs get fixed bad actors usually don’t burn these expensive exploits on common people.

*a step up for this is opening the pdf in chromium in a Linux VM with no network access, deleting the VM snapshot afterwards


Does that apply to firefox? (Does firefox have per tab isolation yet?)


If I understand correctly Firefox per site isolation is essentially the same as Chromium’s per tab isolation. Therefore Firefox should be suitable for this use.

Relevant links:
Firefox per site isolation
Chromium per site isolation


I’ve been waiting for this as well!

Is there an update???

Firefox (for desktop) has had per tab isolation since 2020. On android per tab isolation exists, but it is disabled by default. The only way I know of to enable per tab isolation on android is through about:config

Unfortunately about:config is only available on Firefox forks and Firefox nightly. I don’t know if there is a roadmap for enabling Per tab isolation on android, however I have heard that it causes significant battery drain. :thinking:


Doesn’t matter much, because the renderer processes are still not properly sandboxed on Android.

Not convinced to use this for potentially malicious documents on Linux, because the container is not a strong sandbox.