Bugtraq mailing list archives
Re: remote DoS in Mozilla 1.0
From: Tom <tom () lemuria org>
Date: Tue, 11 Jun 2002 15:35:14 +0200
On Tue, Jun 11, 2002 at 03:05:31PM +0200, Stijn Jonker wrote:
> Is this really a mozilla bug?
It's a bug in X that becomes remote-exploitable through mozilla.
> The solution(s):
> (a) Fix every app to disallow font sizes bigger than <maxvalue>
> (b) Fix XFS to return an error code to the calling application when requested font size is greater than configured <maxvalue>
> Personally I would go for b.
Personally, I would go for both, with a limitation on a, namely that apps that accept remote data (i.e. mozilla) should definitely do some checking on that data before handing it to the local system (i.e. X).
--
New GPG Key issued (old key expired):
http://web.lemuria.org/pubkey.html
pub 1024D/2D7A04F5 2002-05-16 Tom Vogt <tom () lemuria org>
Key fingerprint = C731 64D1 4BCF 4C20 48A4 29B2 BF01 9FA1 2D7A 04F5
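The application-side check described in the message above could look like the following sketch, which is an added example and not code from this thread, Mozilla, or X. It assumes the application builds a fully specified 14-field XLFD font name from remote data before passing it to X; the limits and the function names `size_field_ok` and `xlfd_size_ok` are hypothetical.

```c
#include <errno.h>
#include <stdlib.h>
#include <string.h>

#define MAX_PIXEL_SIZE 512      /* assumed policy limit, in pixels */
#define MAX_DECIPOINTS 5120     /* assumed policy limit, in 1/10 point */

/* Accept one XLFD size field of length len only if it is "*" (wildcard) or a
 * plain decimal integer in [0, limit]. Matrix forms ("[...]"), signs and
 * empty fields are rejected as a conservative policy for untrusted input. */
static int size_field_ok(const char *s, size_t len, long limit)
{
    char buf[16], *end;
    long v;

    if (len == 1 && s[0] == '*')
        return 1;
    if (len == 0 || len >= sizeof buf)
        return 0;                       /* empty, or far too many digits */
    for (size_t i = 0; i < len; i++)
        if (s[i] < '0' || s[i] > '9')
            return 0;
    memcpy(buf, s, len);
    buf[len] = '\0';
    errno = 0;
    v = strtol(buf, &end, 10);
    return errno == 0 && *end == '\0' && v <= limit;
}

/* Return 1 if the XLFD name has exactly 14 fields and its PIXEL_SIZE
 * (field 7) and POINT_SIZE (field 8) pass size_field_ok(), else 0. */
int xlfd_size_ok(const char *name)
{
    const char *start[14];
    size_t n = 0;

    if (name == NULL || name[0] != '-')
        return 0;
    for (const char *p = name; *p; p++) {
        if (*p != '-') continue;
        if (n == 14) return 0;          /* more than 14 fields */
        start[n++] = p + 1;             /* field begins after its hyphen */
    }
    if (n != 14)
        return 0;
    return size_field_ok(start[6], (size_t)(start[7] - start[6] - 1), MAX_PIXEL_SIZE)
        && size_field_ok(start[7], (size_t)(start[8] - start[7] - 1), MAX_DECIPOINTS);
}
```

A caller would refuse to issue the font request, or fall back to a default size, whenever `xlfd_size_ok` returns 0.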