Hi, we don't have any insight into security issues. I guess it can land in version 126, which will be released may 14.

When will the new version of Firefox fixing the PDF reader vulnerability be rolled out? Unless there is some patch one needs to re-install a non-vulnerable version.

How would you determine which versions are non-vulnerable?

Until someone provides a viable workaround (or permanent fix), it sounds as though the safest thing to do is to stop using the built-in PDF.js viewer. This article will get you to the relevant part of the Settings page: View PDF files using Firefox’s built-in viewer.

I haven't decided whether to do that. It's difficult to know when an exploit is actually being used in the wild and the odds of being attacked. Hopefully there will be some more tips soon since the next Firefox update isn't due until Tuesday.

According to a reply in another thread, the update will be released next Tuesday. https://support.mozilla.org/en-US/questions/1446913#answer-1652116