Re: Cite for print-to-postscript exploit in Mozilla?

To: debian-security@lists.debian.org
Subject: Re: Cite for print-to-postscript exploit in Mozilla?
From: Micah Stetson <micah@cnm-vra.com>
Date: Fri, 9 Jul 2004 17:01:22 -0700
Message-id: <[🔎] 20040710000122.GA5599@epaphras>
Mail-followup-to: debian-security@lists.debian.org
In-reply-to: <[🔎] 20040709153658.GX25508@linuxmafia.com>
References: <[🔎] 6284230.1089381728783.JavaMail.root@fedora.dssinc.ca> <[🔎] 40EEA94B.30600@princeton.edu> <[🔎] 20040709153658.GX25508@linuxmafia.com>

> On a related note, does anyone know if xpdf takes (or can be made to
> take) the same sort of precautions?  After all, a PDF is basically just
> a PS file, so I imagine the same sorts of attack are possible.

PDF is PostScript with a lot of operators removed and
some added.  Among those removed are the file I/O operators,
so -dSAFER is unnecessary.

Micah

Reply to:

References:
- RE: Cite for print-to-postscript exploit in Mozilla?
  - From: Ian Douglas <idouglas@dssinc.ca>
- Re: Cite for print-to-postscript exploit in Mozilla?
  - From: "Kevin B. McCarty" <kmccarty@princeton.edu>
- Re: Cite for print-to-postscript exploit in Mozilla?
  - From: Rick Moen <rick@linuxmafia.com>

Prev by Date: Re: Mozilla/Firefox "PostScript/default" security problems
Next by Date: Re: Cite for print-to-postscript exploit in Mozilla?
Previous by thread: Re: Cite for print-to-postscript exploit in Mozilla?
Next by thread: Re: Cite for print-to-postscript exploit in Mozilla?
Index(es):
- Date
- Thread