[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Cite for print-to-postscript exploit in Mozilla?



Hi,

I would like to know where you found the security advisory that you
cited in your email to Debian Bugs # 252362 and 247585.  Inquiring minds
would like to know what sort of exploit can be produced by the
print-to-postscript option in Mozilla and Firefox (especially since it
is still enabled by default upstream).  If serious, it should probably
result in the release of Mozilla security updates for woody and
backports.org.

On 2004-06-03 Rebecca Greenwald <rebeccagreenwald@yahoo.co.uk> wrote:

> The direct postscript supports has serious remote
> exploits which allow malicious pages to execute any
> shell commands in the content of the current user.
> Sure, if you want that enable it again.

Thanks and regards,

-- 
Kevin B. McCarty <kmccarty@princeton.edu>   Physics Department
WWW: http://www.princeton.edu/~kmccarty/    Princeton University
GPG public key ID: 4F83C751                 Princeton, NJ 08544



Reply to: