To turn off JavaScript execution in PDFs: Enter about:config in the address bar click 'I'll be careful.' In the search box near the top, enter pdfjs.enableScripting. Firefox's main preferences dialog offers no control for turning this 'feature' off. The newly released Firefox version 88 has flipped that switch, and will now blithely execute JavaScript embedded in PDFs. Firefox's built-in viewer, although it has apparently had the ability to execute embedded JS for some time, never turned that feature on, making it a safe(r) way to open PDFs. Putatively offered as a way to create self-validating forms, this scripting capability has been abused over the decades in just about every way you can imagine. Select the Acrobat or Reader plugin in the Add-ons Manager. In addition to the other weird things PDF files can contain, one of them is JavaScript. Never Activate turns off the plug-in so it does not open PDFs in the browser.
Ewhac writes: Firefox has long had a built-in PDF viewer, allowing users to view PDF files in the browser without having to install a third-party application.
