Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: remote DoS in Mozilla 1.0
From: Tom <tom () lemuria org>
Date: Tue, 11 Jun 2002 15:35:14 +0200

On Tue, Jun 11, 2002 at 03:05:31PM +0200, Stijn Jonker wrote:
Is this really a mozilla bug? 

It's a bug in X that becomes remote-exploitable through mozilla.

The solution(s):
      (a) Fix every app to disallow font sizes bigger then <maxvalue>
      (b) Fix XFS to return an error code to the calling application 
when requested font size is greater then configured <maxvalue>

Personally i would go for b.

Personally, I would go for both, with a limitation on a, namely that
apps that accept remote data (i.e. mozilla) should definitely do some
checking on that data before handing it to the local system (i.e. X).


-- 
New GPG Key issued (old key expired):
http://web.lemuria.org/pubkey.html
pub  1024D/2D7A04F5 2002-05-16 Tom Vogt <tom () lemuria org>
     Key fingerprint = C731 64D1 4BCF 4C20 48A4  29B2 BF01 9FA1 2D7A 04F5


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]