[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Cite for print-to-postscript exploit in Mozilla?

Well caught.  

I was only trying to find what could be the original claim ;-)

After reading what I found, I was thinking of an inclusion of a
postscript file or a user sending it to print through the browser, not
HTML rendered by the browser...

On Fri, 2004-07-09 at 12:44, Alan Shutko wrote:
> Ian Douglas <idouglas@dssinc.ca> writes:
> > http://www.imc.org/ietf-822/old-archive1/msg01346.html
> >
> > Is probably what is being refered to...
> But it's not clear that there's any way for a web page to inject
> postscript into Mozilla's print-to-ps output.  If there isn't, it's
> just as safe as Xprint, also assuming there's no exploit in Xprint.
> That message is really about sending arbitrary Postscript files
> through interpreters.  Mozilla doesn't produce arbitrary postscript
> with unsafe operators, unless there's an unpublished exploit to make
> it do so.
> -- 
> Alan Shutko <ats@acm.org> - I am the rocks.
> "Hello, Sacramento Kings Fans Suicide Hotline."

Reply to: