It seems at the 23C3 Stefano Di Paola has disclosed a universal XSS vulnerability through the Adobe PDF Plugin. Due to this vulnerability it is possible to launch XSS attacks against any site having PDF files. An example is for example:
UPDATE: Just for the record. This issue has been fixed in the latest updates for the Adobe PDF Plugin.This does however not change the fact that the majority of users most probably still run vulnerable versions.