https://googleprojectzero.blogspot.com/2021/12/a-deep-dive-i... is the only case in the past few years that I'm aware of where a PDF vulnerability was actually exploited before it was widely patched, and that was a highly targeted attack.

https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=adobe+reade... shows 4 potentially exploitable vulnerabilities + 1 that lets the attacker check if a file exists.

I couldn't find any semi-recent ones affecting Firefox' PDF.js.