Take potentially dangerous PDFs, office documents, or images and convert them to safe PDFs.
Would it be more convenient to use Dangerzone than using pdf.js with a sandboxed browser (such as Chromium (Brave doesn’t use it) or Firefox) in a virtual machine without network access? Because this method is an overkill for the average user.
Even I wanted to know if opening pdf in Firefox is good as it has all the features which I use in SumatraPDF.
This would help me in reducing one more software for just pdf docs.
Assuming the payload isnt in the PDF itself (that VirusTotal would /should find), would temporarily disconnecting from the internet be sufficient or is there something more?
I dont think we should be opening PDFs directly into browsers as well?
I think opening a PDF in a (Chromium) browser is still the safest place* because all tabs are sandboxed. You would need an exploit chain to break out of there and considering the speed in which Chromium CVEs get fixed bad actors usually don’t burn these expensive exploits on common people.
*a step up for this is opening the pdf in chromium in a Linux VM with no network access, deleting the VM snapshot afterwards
If I understand correctly Firefox per site isolation is essentially the same as Chromium’s per tab isolation. Therefore Firefox should be suitable for this use.
Firefox (for desktop) has had per tab isolation since 2020. On android per tab isolation exists, but it is disabled by default. The only way I know of to enable per tab isolation on android is through about:config
Unfortunately about:config is only available on Firefox forks and Firefox nightly. I don’t know if there is a roadmap for enabling Per tab isolation on android, however I have heard that it causes significant battery drain.