[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Cite for print-to-postscript exploit in Mozilla?

Ian Douglas <idouglas@dssinc.ca> writes:

> http://www.imc.org/ietf-822/old-archive1/msg01346.html
> Is probably what is being refered to...

But it's not clear that there's any way for a web page to inject
postscript into Mozilla's print-to-ps output.  If there isn't, it's
just as safe as Xprint, also assuming there's no exploit in Xprint.

That message is really about sending arbitrary Postscript files
through interpreters.  Mozilla doesn't produce arbitrary postscript
with unsafe operators, unless there's an unpublished exploit to make
it do so.

Alan Shutko <ats@acm.org> - I am the rocks.
"Hello, Sacramento Kings Fans Suicide Hotline."

Reply to: