Mozilla takes the security of our software seriously. If you believe you have found a security vulnerability in PDF.js, please report it to us as described below.
Please don't report security vulnerabilities through public GitHub issues.
Instead, please report security vulnerabilities in Bugzilla and make sure that the checkbox in the "Security" section is checked so the required access controls are automatically configured:
The Mozilla security team will process the bug as described in Mozilla's security bugs policy.