Re: Cite for print-to-postscript exploit in Mozilla?

To: Ian Douglas <idouglas@dssinc.ca>
Cc: "Kevin B. McCarty" <kmccarty@princeton.edu>, rebeccagreenwald@yahoo.co.uk, debian-user@lists.debian.org, debian-security@lists.debian.org, 247585@bugs.debian.org
Subject: Re: Cite for print-to-postscript exploit in Mozilla?
From: Alan Shutko <ats@acm.org>
Date: Fri, 09 Jul 2004 11:44:06 -0500
Message-id: <[🔎] 87smc1p1ux.fsf@wesley.springies.com>
In-reply-to: <[🔎] 6284230.1089381728783.JavaMail.root@fedora.dssinc.ca> (Ian Douglas's message of "Fri, 9 Jul 2004 14:02:08 +0000 (GMT)")
References: <[🔎] 6284230.1089381728783.JavaMail.root@fedora.dssinc.ca>

Ian Douglas <idouglas@dssinc.ca> writes:

> http://www.imc.org/ietf-822/old-archive1/msg01346.html
>
> Is probably what is being refered to...

But it's not clear that there's any way for a web page to inject
postscript into Mozilla's print-to-ps output.  If there isn't, it's
just as safe as Xprint, also assuming there's no exploit in Xprint.

That message is really about sending arbitrary Postscript files
through interpreters.  Mozilla doesn't produce arbitrary postscript
with unsafe operators, unless there's an unpublished exploit to make
it do so.

-- 
Alan Shutko <ats@acm.org> - I am the rocks.
"Hello, Sacramento Kings Fans Suicide Hotline."

Reply to:

Follow-Ups:
- Re: Cite for print-to-postscript exploit in Mozilla?
  - From: Ian Douglas <idouglas@dssinc.ca>

References:
- RE: Cite for print-to-postscript exploit in Mozilla?
  - From: Ian Douglas <idouglas@dssinc.ca>

Prev by Date: Re: Patches that break stuff
Next by Date: Re: Cite for print-to-postscript exploit in Mozilla?
Previous by thread: Re: Cite for print-to-postscript exploit in Mozilla?
Next by thread: Re: Cite for print-to-postscript exploit in Mozilla?
Index(es):
- Date
- Thread