On Tue, Jun 11, 2002 at 03:05:31PM +0200, Stijn Jonker wrote:
> Is this really a mozilla bug?

It's a bug in X that becomes remote-exploitable through mozilla.

> The solution(s):
> (a) Fix every app to disallow font sizes bigger than <maxvalue>
> (b) Fix XFS to return an error code to the calling application
>     when requested font size is greater than configured <maxvalue>
>
> Personally I would go for b.

Personally, I would go for both, with a limitation on a, namely that
apps that accept remote data (i.e. mozilla) should definitely do some
checking on that data before handing it to the local system (i.e. X).

--
New GPG Key issued (old key expired):
http://web.lemuria.org/pubkey.html
pub 1024D/2D7A04F5 2002-05-16 Tom Vogt <tom@lemuria.org>
Key fingerprint = C731 64D1 4BCF 4C20 48A4 29B2 BF01 9FA1 2D7A 04F5