Re: Cite for print-to-postscript exploit in Mozilla?
I was only trying to find what could be the original claim ;-)
After reading what I found, I was thinking of an inclusion of a
postscript file or a user sending it to print through the browser, not
HTML rendered by the browser...
On Fri, 2004-07-09 at 12:44, Alan Shutko wrote:
> Ian Douglas <email@example.com> writes:
> > http://www.imc.org/ietf-822/old-archive1/msg01346.html
> > Is probably what is being refered to...
> But it's not clear that there's any way for a web page to inject
> postscript into Mozilla's print-to-ps output. If there isn't, it's
> just as safe as Xprint, also assuming there's no exploit in Xprint.
> That message is really about sending arbitrary Postscript files
> through interpreters. Mozilla doesn't produce arbitrary postscript
> with unsafe operators, unless there's an unpublished exploit to make
> it do so.
> Alan Shutko <firstname.lastname@example.org> - I am the rocks.
> "Hello, Sacramento Kings Fans Suicide Hotline."