NB This is an old post from chat we've decided to post and archive here.
The latest Firefox update enabled JS in PDF by default. This increases attack surface for no reason. You don't need JS in PDF. This has been used for drive-by exploits in the past.
To turn it off, set pdfjs.enableScripting to false in about:config.
You can also turn off the integrated PDF viewer (a JS application itself) altogether by setting pdfjs.disabled to true. Going to settings->applications->PDF also works, but pdfjs.disabled prevents mistakes.
On Windows I can highly recommend https://www.sumatrapdfreader.org It's fast, lightweight, has search and remembers the last viewed page. It can read every common format.
I don't currently have a favourite on Linux. What do you use? Nothing seems quite as lightweight as sumatra on Win.
