I accidently opened a highly suspicious PDF on firefox. Came with one of those typical scam-looking emails. I wanted to download it and open it in a disposable, but firefox was configured to open downloaded PDFs automatically.
It was opened in-browser.
How do I procede?
I have files on that qube I need. Should I just restart the qube (I shut it down) and move all files to a new qube or should I treat all data on that qube as compromised and confine it to an offline qube, to be processed later?
I loathe that feature - turn it off in all firefox instances. (Do this
under “Applications” to use system default, and set that to open file in
offline disposable.)
In your current situation, I would adopt your second approach. What you
do next will depend on the state of your last backups. If you have nothing
to lose, kill and remove that qube, create another, and restore data to
it. If you dont have a backup, I would create an offline qube, copy
needed files to it, and try to clean them as best you can. Still delete
the original qube. But I would always treat that data as potentially
compromised.
I never presume to speak for the Qubes team.
When I comment in the Forum I speak for myself.