|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: Cite for print-to-postscript exploit in Mozilla?
From: Alan Shutko (ats
acm.org)
Date: Fri Jul 09 2004 - 11:44:06 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Ian Douglas <idouglasdssinc.ca> writes:
> http://www.imc.org/ietf-822/old-archive1/msg01346.html
>
> Is probably what is being refered to...
But it's not clear that there's any way for a web page to inject
postscript into Mozilla's print-to-ps output. If there isn't, it's
just as safe as Xprint, also assuming there's no exploit in Xprint.
That message is really about sending arbitrary Postscript files
through interpreters. Mozilla doesn't produce arbitrary postscript
with unsafe operators, unless there's an unpublished exploit to make
it do so.
--
Alan Shutko <atsacm.org> - I am the rocks.
"Hello, Sacramento Kings Fans Suicide Hotline."
--
To UNSUBSCRIBE, email to debian-security-REQUESTlists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmasterlists.debian.org
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]