* Don Armstrong:

> Perhaps I've missed something, but everything that I've read in the
> threads so far amounts to people either assuming that there's an issue
> and not defining it, or attempting to figure out where the issue is.

This summary is correct as far as I can see. No real security issue has been disclosed so far. Two things could lead to vulnerabilities:

* It's possible to use scripting to set another print command.

* Untrusted content might be put verbatim into the Postscript file.

The latter case shouldn't be a problem because viewers and print spoolers should not assume benign Postscript files (if they do, it's their fault, not Mozilla's). If the first issue is a problem, printing to a pipe should be disabled, but not printing to a file (or printing should be made unscriptable).

I find these rumors quite disturbing. Some people are trying very hard to put Mozilla's security efforts in a very bad shape. First the shell: protocol handler issue (on Windows) that has been known (in principle) since 2002, and now this mess.