Mozilla postscript security info
I received the following response from the Mozilla Security Group.
They are not aware of any remote exploit in the Mozilla's printing code.
---------- Forwarded message ----------
From: Daniel Veditz <dveditz@cruzio.com>
To: Jesse Ruderman <jruderman@hmc.edu>
Cc: security-group <security-group@mozilla.org>, mbrubeck@cs.hmc.edu
Date: Fri, 09 Jul 2004 00:17:27 -0700
Subject: Re: [Fwd: Mozilla postscript vulnerability?]
There are no confidential bugs that mention the word postscript anywhere. If
someone knows of an exploit they didn't bother to tell us about it.
Jesse Ruderman wrote:
> -------- Original Message --------
> Subject: Mozilla postscript vulnerability?
> Date: Wed, 7 Jul 2004 16:56:00 -0700 (PDT)
> From: Matt Brubeck <mbrubeck@cs.hmc.edu>
> To: Jesse Ruderman <jruderma@cs.hmc.edu>
>
> Jesse,
>
> There is some confusion on the Debian mailing lists about rumors of
> a remote code execution vulnerability in Mozilla's Postscript/default
> printing backend. This caused the Mozilla and Firefox maintainers to
> build their Debian packages with --disable-postscript:
>
> http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=247585
>
> Now some Debian folks are trying to find out if this exploit really
> exists. I wasn't able to find any relevant information in public
> Bugzilla reports or on the mozilla.org/projects/security web pages.
> Can you shed any light on this?
>
> Note: I also told the Debian GNOME team to contact security@mozilla.org:
>
> http://lists.debian.org/debian-gtk-gnome/2004/07/msg00027.html
>
>
>
> _______________________________________________
> Security-group mailing list
> Security-group@mozilla.org
> http://mail.mozilla.org/listinfo/security-group
Reply to: