[25721] in bugtraq


Re: remote DoS in Mozilla 1.0

daemon@ATHENA.MIT.EDU (Mikael Olsson)
Tue Jun 11 12:09:56 2002

Message-ID: <3D060CB4.3DE7B5F4@clavister.com>
Date: Tue, 11 Jun 2002 16:44:04 +0200
From: Mikael Olsson <mikael.olsson@clavister.com>
MIME-Version: 1.0
To: Stijn Jonker <SJCJonker@SJC.nl>
Cc: Tom <tom@lemuria.org>, bugtraq@securityfocus.com
Content-Type: text/plain; charset=iso-8859-1
Content-Transfer-Encoding: 8bit


Stijn,

Stijn Jonker wrote:
> 
> Is this really a mozilla bug?
> My answer:
> No, because try a font of the size 1666666px in gimp on the same
> system; the symptoms and the end effect are exactly the same here.
>
> [...]
> The solution(s):
>         (a) Fix every app to disallow font sizes bigger than <maxvalue>
>         (b) Fix XFS to return an error code to the calling application
> when requested font size is greater than configured <maxvalue>
> 
> Personally I would go for b.
> Just my $0.02, but if you disagree please let me know.

There's a world of difference between gimp and netscape.

Fixing XFS is indeed a good idea, but I submit that it is also a very
good idea to put a cap on font sizes in mozilla, and indeed anything 
else that accepts font rendering information from external sources.

After all, mozilla runs on dozens of platforms, on different X servers.
Mozilla is what is causing the vulnerability (gimp isn't). Indeed, XFS
should be fixed, but from an overall vulnerability perspective, I'm
quite convinced mozilla should be fixed too. People upgrade mozilla 
a _lot_ more often than they upgrade their X font servers.



Regards,
Mikael Olsson

-- 
Mikael Olsson, Clavister AB
Storgatan 12, Box 393, SE-891 28 ÖRNSKÖLDSVIK, Sweden
Phone: +46 (0)660 29 92 00   Mobile: +46 (0)70 26 222 05
Fax: +46 (0)660 122 50       WWW: http://www.clavister.com

"Senex semper diu dormit"
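
The application-side cap argued for in this message, as an added example that is not part of the original post and not Mozilla or XFS code: a hypothetical `sanitize_font_px` helper that validates a pixel size taken from untrusted content before any font request is made. The ceiling `MAX_FONT_PX` is an assumed policy value standing in for the thread's `<maxvalue>`.

```c
#include <ctype.h>
#include <errno.h>
#include <stdlib.h>
#include <string.h>

/* Assumed policy limits; the thread only names "<maxvalue>". */
#define MAX_FONT_PX 2000L
#define MIN_FONT_PX 1L

enum font_size_status { FONT_OK, FONT_CLAMPED, FONT_REJECTED };

/*
 * Parse an untrusted "<digits>px" string and produce a size that is safe
 * to hand to the font backend. Hypothetical helper for illustration.
 */
enum font_size_status sanitize_font_px(const char *text, long *out_px)
{
    char *end = NULL;
    long value;

    if (text == NULL || out_px == NULL)
        return FONT_REJECTED;
    while (isspace((unsigned char)*text))
        text++;
    /* Require a leading digit: strtol alone would accept "-5" or "+5". */
    if (!isdigit((unsigned char)*text))
        return FONT_REJECTED;

    errno = 0;
    value = strtol(text, &end, 10);
    if (strcmp(end, "px") != 0)
        return FONT_REJECTED;   /* unknown unit or trailing junk */

    /* ERANGE means the digits overflowed long: treat as "too big". */
    if (errno == ERANGE || value > MAX_FONT_PX) {
        *out_px = MAX_FONT_PX;
        return FONT_CLAMPED;
    }
    if (value < MIN_FONT_PX) {
        *out_px = MIN_FONT_PX;
        return FONT_CLAMPED;
    }
    *out_px = value;
    return FONT_OK;
}
```

Logging every `FONT_CLAMPED` result gives a cheap signal that a page is supplying out-of-range sizes, independent of whether the font server behind the application has been fixed.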
