From: Tom (tomlemuria.org)
Date: Tue Jun 11 2002 - 08:35:14 CDT


    On Tue, Jun 11, 2002 at 03:05:31PM +0200, Stijn Jonker wrote:
    > Is this really a mozilla bug?

    It's a bug in X that becomes remote-exploitable through mozilla.

    > The solution(s):
    > (a) Fix every app to disallow font sizes bigger than <maxvalue>
    > (b) Fix XFS to return an error code to the calling application
    > when requested font size is greater than configured <maxvalue>
    >
    > Personally I would go for b.

    Personally, I would go for both, with a limitation on a, namely that
    apps that accept remote data (i.e. mozilla) should definitely do some
    checking on that data before handing it to the local system (i.e. X).

    -- 
    New GPG Key issued (old key expired):
    http://web.lemuria.org/pubkey.html
    pub  1024D/2D7A04F5 2002-05-16 Tom Vogt <tomlemuria.org>
         Key fingerprint = C731 64D1 4BCF 4C20 48A4  29B2 BF01 9FA1 2D7A 04F5
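
The application-side check discussed in this message (option (a), applied to remotely supplied data), as an added example that is not part of the original post or of any Mozilla or X code. The limit `MAX_FONT_PX`, the function names and the font family in the pattern are assumptions chosen for illustration.

```c
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Assumed limit standing in for the thread's <maxvalue>. */
#define MAX_FONT_PX 512L
enum size_status { SIZE_OK = 0, SIZE_MALFORMED = -1, SIZE_OUT_OF_RANGE = -2, SIZE_NO_SPACE = -3 };

/* Parse an untrusted decimal pixel size; reject empty input, signs, whitespace,
 * trailing garbage, overflow and values outside 1..MAX_FONT_PX. */
static int parse_font_px(const char *untrusted, long *px)
{
    char *end = NULL;
    long v;
    if (untrusted == NULL || *untrusted < '0' || *untrusted > '9')
        return SIZE_MALFORMED;       /* NULL, "", "-5", "+5", " 5" */
    errno = 0;
    v = strtol(untrusted, &end, 10);
    if (*end != '\0')
        return SIZE_MALFORMED;       /* e.g. "12px" */
    if (errno == ERANGE || v < 1 || v > MAX_FONT_PX)
        return SIZE_OUT_OF_RANGE;    /* oversized request stops here */
    *px = v;                         /* written only on success */
    return SIZE_OK;
}

/* Build the XLFD pattern to hand to X only after validation (hypothetical
 * helper). out is left empty on any error so no partial pattern is used. */
static int build_font_pattern(const char *untrusted, char *out, size_t outlen)
{
    long px;
    int rc, n;
    if (out == NULL || outlen == 0) return SIZE_NO_SPACE;
    out[0] = '\0';
    if ((rc = parse_font_px(untrusted, &px)) != SIZE_OK) return rc;
    n = snprintf(out, outlen,
                 "-*-helvetica-medium-r-normal--%ld-*-*-*-*-*-iso8859-1", px);
    if (n < 0 || (size_t)n >= outlen) { out[0] = '\0'; return SIZE_NO_SPACE; }
    return SIZE_OK;
}

int main(void)
{
    char buf[64];
    int rc = build_font_pattern("99999", buf, sizeof buf); /* constructed input */
    printf("rc=%d pattern=\"%s\"\n", rc, buf);
    return 0;
}
```

A server-side limit as in option (b) would apply the same range check where the font request is served and return an error to the caller.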