Foxit PDF Reader and PDF Editor before 11.1 on macOS allow remote attackers to execute arbitrary code via getURL in the JavaScript API.
https://www.foxit.com/support/security-bulletins.html
https://github.com/dlehgus1023/CVE/tree/master/CVE-2021-45980