Re: Cite for print-to-postscript exploit in Mozilla?
Well caught.
I was only trying to find what could be the original claim ;-)
After reading what I found, I was thinking of an inclusion of a
postscript file or a user sending it to print through the browser, not
HTML rendered by the browser...
On Fri, 2004-07-09 at 12:44, Alan Shutko wrote:
> Ian Douglas <idouglas@dssinc.ca> writes:
>
> > http://www.imc.org/ietf-822/old-archive1/msg01346.html
> >
> > Is probably what is being refered to...
>
> But it's not clear that there's any way for a web page to inject
> postscript into Mozilla's print-to-ps output. If there isn't, it's
> just as safe as Xprint, also assuming there's no exploit in Xprint.
>
> That message is really about sending arbitrary Postscript files
> through interpreters. Mozilla doesn't produce arbitrary postscript
> with unsafe operators, unless there's an unpublished exploit to make
> it do so.
>
> --
> Alan Shutko <ats@acm.org> - I am the rocks.
> "Hello, Sacramento Kings Fans Suicide Hotline."
>
Reply to: