Well caught. I was only trying to find what could be the original claim ;-)
After reading what I found, I was thinking of an inclusion of a postscript file or a user sending it to print through the browser, not HTML rendered by the browser... On Fri, 2004-07-09 at 12:44, Alan Shutko wrote: > Ian Douglas <[EMAIL PROTECTED]> writes: > > > http://www.imc.org/ietf-822/old-archive1/msg01346.html > > > > Is probably what is being refered to... > > But it's not clear that there's any way for a web page to inject > postscript into Mozilla's print-to-ps output. If there isn't, it's > just as safe as Xprint, also assuming there's no exploit in Xprint. > > That message is really about sending arbitrary Postscript files > through interpreters. Mozilla doesn't produce arbitrary postscript > with unsafe operators, unless there's an unpublished exploit to make > it do so. > > -- > Alan Shutko <[EMAIL PROTECTED]> - I am the rocks. > "Hello, Sacramento Kings Fans Suicide Hotline." > -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
