* Steve Wray <[EMAIL PROTECTED]> [040712 22:13]:
> I discovered that I had to unpack a .jar file, edit files inside it and
> then pack it up again; the 'config files' under /etc just arn't enough.
I think you do not have to repack them. At least startup-page works
via getting a region.properties
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On Tuesday 13 July 2004 01:56, Florian Weimer wrote:
> * Kevin B. McCarty:
> > On 07/10/2004 12:18 PM, Florian Weimer wrote:
> >> 1.7 incorporates some other security fixes, apparently in the area
> >> of cross-domain scripting vulnerabilities. So you
* Kevin B. McCarty:
> On 07/10/2004 12:18 PM, Florian Weimer wrote:
>
>> 1.7 incorporates some other security fixes, apparently in the area of
>> cross-domain scripting vulnerabilities. So you probably should
>> upgrade anyway.
>
> Does anyone know if there is some reason these fixes haven't been
On 07/10/2004 12:18 PM, Florian Weimer wrote:
> 1.7 incorporates some other security fixes, apparently in the area of
> cross-domain scripting vulnerabilities. So you probably should
> upgrade anyway.
Does anyone know if there is some reason these fixes haven't been
backported to woody?
regards
* Kevin B. McCarty:
> I admit this last question is a bit rhetorical. My point is that, as
> sysadmin of a physics cluster running Debian/woody on which people
> frequently look at downloaded PS files anyway, I want to know whether it
> is really worth my time to upgrade Mozilla [currently runnin
Well caught.
I was only trying to find what could be the original claim ;-)
After reading what I found, I was thinking of an inclusion of a
postscript file or a user sending it to print through the browser, not
HTML rendered by the browser...
On Fri, 2004-07-09 at 12:44, Alan Shutko wrote:
> I
> On a related note, does anyone know if xpdf takes (or can be made to
> take) the same sort of precautions? After all, a PDF is basically just
> a PS file, so I imagine the same sorts of attack are possible.
PDF is PostScript with a lot of operators removed and
some added. Among those removed a
On Fri, Jul 09, 2004 at 05:00:30PM -0500, Reid Priedhorsky wrote:
> Mozilla and friends can generate PostScript directly, or they can depend
> on Xprint to do so. It is the latter which has been disabled. The former
> works well for some and poorly to not at all for others (myself included).
I be
On Fri, Jul 09, 2004 at 12:18:30PM -0300, Henrique de Moraes Holschuh wrote:
> OTOH, maybe the postscript code in mozilla itself has a security hole. But
> the right thing to do would be to *fix* that instead, not to drop it.
Question: are you saying that Mozilla based browsers
(eg Galeon) can no
Ian Douglas <[EMAIL PROTECTED]> writes:
> http://www.imc.org/ietf-822/old-archive1/msg01346.html
>
> Is probably what is being refered to...
But it's not clear that there's any way for a web page to inject
postscript into Mozilla's print-to-ps output. If there isn't, it's
just as safe as Xprint,
[Snipping practically all of the cross-post distribution.]
Quoting Kevin B. McCarty ([EMAIL PROTECTED]):
> But is there any way in which Mozilla's print-to-postscript is _less_
> safe than using gv to open up a random PostScript file found somewhere
> on the Internet?
Thus the -dSAFER option, wh
On Fri, 09 Jul 2004, Ian Douglas wrote:
> I guess if you really wanted to get fancy you could setup postscript
> rendering as service in a chrooted jail, so it doesn't really matter if
> anything runs as it will not have access to the OS file system or
> services.
Doesn't just about anything that
t;[EMAIL PROTECTED]>
To: Ian Douglas <[EMAIL PROTECTED]>
CC: [EMAIL PROTECTED], [EMAIL PROTECTED],
[EMAIL PROTECTED], [EMAIL PROTECTED]
Subject: Re: Cite for print-to-postscript exploit in Mozilla?
Date: Fri Jul 09 14:18:51 GMT 2004
>On 07/09/2004 04:02 PM, Ian Douglas wrote:
>
On 07/09/2004 04:02 PM, Ian Douglas wrote:
> http://www.imc.org/ietf-822/old-archive1/msg01346.html
>
> Is probably what is being refered to...
Thanks for the link! (Wow, foreshadowing of virus infections via email
attachments...)
But is there any way in which Mozilla's print-to-postscript is _
http://www.imc.org/ietf-822/old-archive1/msg01346.html
Is probably what is being refered to...
Ian
-Original Message-
From: "Kevin B. McCarty" <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
CC: [EMAIL PROTECTED], [EMAIL PROTECTED],
[EMAIL PROTECTED]
Subject: C
Hi,
I would like to know where you found the security advisory that you
cited in your email to Debian Bugs # 252362 and 247585. Inquiring minds
would like to know what sort of exploit can be produced by the
print-to-postscript option in Mozilla and Firefox (especially since it
is still enabled by
16 matches
Mail list logo