Because some higher level PDF-related libraries statically embed PDF.js, we recommend recursively checking your node_modules folder for files called pdf.js to be sure.
it's a nice dissection of the bug too, a very cool read.
non-technical folks:
this isn't terrible and most of it doesn't apply to you, but you should update firefox soon if it hasn't updated itself. more details for you here: https://cohost.org/apocryphalmess/post/6056299-for-the-non-technica
for the non-technical folks who don't want to go through this whole thing:
- yes, Firefox the browser itself is susceptible to this security flaw, and yes it's pretty bad
- however, updating Firefox to v126 (or the ESR version of Firefox to v115.11) fixes the problem, so just do that and you'll be fine. it's quite possible that this already happened automatically on your system
- Firefox on iOS/iPadOS is not susceptible to this problem for reasons that would be complicated to explain. Firefox on Android is but you can just update to v126 there as well
- there are other things that use pdf.js, but they're mostly things that run on servers and therefore not something you need to worry about on your PC or Mac or whatever
in short, this was handled professionally by everyone involved and you shouldn't have to do anything but update Firefox, no need to go using any sort of workarounds or tweaks to keep yourself safe
