Unpatched Adobe Reader users in jeopardy


Alexander Turcic
01-06-2007, 04:51 PM
Stefano Di Paola and Giorgio Fedon uncovered a serious cross-site scripting vulnerability that affects unpatched versions of the Adobe Reader plug-in, which is used to view PDF files from within Web browsers. The vulnerability could allow an attacker to run malicious JavaScript code on compromised systems. Security researchers advise us to update Adobe to at least V7.0.9 or V8.0.

Alternatively, you can disable the Adobe Reader browser plug-in (in Firefox within the Settings / Content / Filetypes menu). Or alternatively, use Foxit Reader (http://www.foxitsoftware.com/pdf/rd_intro.php) instead.

Original paper discussing the vulnerability: link (http://events.ccc.de/congress/2006/Fahrplan/attachments/1158-Subverting_Ajax.pdf) (PDF!)
Technical explanation of the vulnerability: link (http://www.gnucitizen.org/blog/universal-pdf-xss-after-party/)

[via CNet (http://news.com.com/PDF+security+risk+greater+than+originally+thought/2100-1002_3-6147428.html?tag=nefd.top)]

Laurens
01-07-2007, 03:54 AM
Adobe Reader will only update to 7.0.8 and I don't want to upgrade to 8.0. It's about time I checked out Foxit.

Moonraker
01-07-2007, 07:20 AM
I use Foxit. It's less bloated and faster. Also, safer it seems!

derekweb
01-08-2007, 09:31 AM
Does this also affect the downloaded PDFs as well? I use the Firefox plugin PDFDownLoad and love it. I HATE reading PDFs in Firefox, ... tends to cause it to crash, and seems to suck memory down like a hog! Even in FF2.0.

Oh well.

Alexander Turcic
01-08-2007, 09:35 AM
> Does this also affect the downloaded PDFs as well? I use the Firefox plugin PDFDownLoad and love it. I HATE reading PDFs in Firefox, ... tends to cause it to crash, and seems to suck memory down like a hog! Even in FF2.0.
>
> Oh well.

No, it only affects the Viewer plugin if you click on a special PDF download link prepared by the hacker that inserts the JavaScript code.

Alexander Turcic
01-11-2007, 04:00 AM
> Adobe Reader will only update to 7.0.8 and I don't want to upgrade to 8.0. It's about time I checked out Foxit.

7.0.9 has been out since Tuesday... alas, a full installation is required as a patch is not available.