Re: remote DoS in Mozilla 1.0
From: Tom <tom () lemuria org>
Date: Tue, 11 Jun 2002 15:35:14 +0200
On Tue, Jun 11, 2002 at 03:05:31PM +0200, Stijn Jonker wrote:
> Is this really a mozilla bug?

It's a bug in X that becomes remote-exploitable through mozilla.

> (a) Fix every app to disallow font sizes bigger than <maxvalue>
> (b) Fix XFS to return an error code to the calling application
> when requested font size is greater than configured <maxvalue>
>
> Personally I would go for b.

Personally, I would go for both, with a limitation on a, namely that
apps that accept remote data (i.e. mozilla) should definitely do some
checking on that data before handing it to the local system (i.e. X).
New GPG Key issued (old key expired):
pub 1024D/2D7A04F5 2002-05-16 Tom Vogt <tom () lemuria org>
Key fingerprint = C731 64D1 4BCF 4C20 48A4 29B2 BF01 9FA1 2D7A 04F5