Bugtraq mailing list archives

Re: remote DoS in Mozilla 1.0
From: Tom <tom () lemuria org>
Date: Tue, 11 Jun 2002 15:35:14 +0200

On Tue, Jun 11, 2002 at 03:05:31PM +0200, Stijn Jonker wrote:
> Is this really a mozilla bug?

It's a bug in X that becomes remote-exploitable through mozilla.

> The solution(s):
>       (a) Fix every app to disallow font sizes bigger than <maxvalue>
>       (b) Fix XFS to return an error code to the calling application
> when requested font size is greater than configured <maxvalue>
>
> Personally I would go for b.

Personally, I would go for both, with a limitation on a, namely that
apps that accept remote data (i.e. mozilla) should definitely do some
checking on that data before handing it to the local system (i.e. X).

New GPG Key issued (old key expired):
pub  1024D/2D7A04F5 2002-05-16 Tom Vogt <tom () lemuria org>
     Key fingerprint = C731 64D1 4BCF 4C20 48A4  29B2 BF01 9FA1 2D7A 04F5
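
The two checks discussed in this message, as an added example that is not part of the original post and is not Mozilla or X code: an error return for oversized requests (option b) and an application-side clamp before the font name is built (option a). The 512-pixel ceiling, the function names and the helvetica pattern are assumptions.

```c
#include <ctype.h>
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#define MAX_FONT_PX 512L /* assumed ceiling; the thread only says <maxvalue> */
enum font_rc { FONT_OK = 0, FONT_BAD_INPUT = -1, FONT_TOO_LARGE = -2 };

/* Option (b) style: answer an oversized request with an error code.
 * s is an untrusted decimal string, e.g. taken from page markup. */
static enum font_rc check_font_px(const char *s, long *out)
{
    char *end;
    if (s == NULL || !isdigit((unsigned char)s[0]))
        return FONT_BAD_INPUT;      /* empty, signed or non-numeric */
    errno = 0;
    long v = strtol(s, &end, 10);
    if (*end != '\0' || v == 0)
        return FONT_BAD_INPUT;      /* trailing junk or zero size */
    if (errno == ERANGE || v > MAX_FONT_PX)
        return FONT_TOO_LARGE;      /* also catches overflow of long */
    *out = v;
    return FONT_OK;
}

/* Option (a) style: the application validates the remote value, clamps an
 * oversized one, then builds the font name (XLFD, pixel size in field 7). */
static long build_font_pattern(const char *untrusted, char *buf, size_t len)
{
    long px = 0;
    enum font_rc rc = check_font_px(untrusted, &px);
    if (rc == FONT_BAD_INPUT)
        return -1;
    if (rc == FONT_TOO_LARGE)
        px = MAX_FONT_PX;
    int n = snprintf(buf, len,
                     "-*-helvetica-medium-r-normal-*-%ld-*-*-*-*-*-iso8859-1", px);
    return (n < 0 || (size_t)n >= len) ? -1 : px;  /* size used, or -1 */
}

int main(void)
{
    const char *in[] = { "14", "99999", "9999999999999999999999", "-5", "12px" };
    char buf[128];                  /* inputs above are constructed samples */
    for (size_t i = 0; i < sizeof in / sizeof in[0]; i++) {
        long px = build_font_pattern(in[i], buf, sizeof buf);
        printf("%-22s -> %ld %s\n", in[i], px, px < 0 ? "(rejected)" : buf);
    }
    return 0;
}
```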
