[25725] in bugtraq

RE: remote DoS in Mozilla 1.0

daemon@ATHENA.MIT.EDU (Jon Keating)
Tue Jun 11 13:05:01 2002

Message-ID: <000F708AE9B4D3118B9F004F4E03B08DD59988@wonderin.heuris.com>
From: Jon Keating <jkeating@heuris.com>
To: "'Mikael Olsson'" <mikael.olsson@clavister.com>,
        Stijn Jonker <SJCJonker@SJC.nl>
Cc: Tom <tom@lemuria.org>, bugtraq@securityfocus.com
Date: Tue, 11 Jun 2002 11:44:29 -0500
MIME-Version: 1.0
Content-Type: text/plain;
	charset="iso-8859-1"

> Fixing XFS is indeed a good idea, but I submit that it is also a very
> good idea to put a cap on font sizes in mozilla, and indeed anything 
> else that accepts font rendering information from external sources.

Writing stable software is a difficult process to do when you depend on
other libraries to do their job the way you think it should be done.  The
problem is a little more subtle than what is being discussed.  I am hearing
that Mozilla should be updated, but the question is, what should the limit
be for a font size?  The line has to be drawn somewhere and if each software
puts its own limit on the size of a font then larger fonts might not appear
the same with different programs.  So, then XFS needs to be the definite
place that draws the line.  I think this is a trivial problem because there
are larger issues out there that are in essence the exact same thing that we
discuss in this thread.

Unfortunately, there is no easy answer because we put our dependence on a
3rd party library.  This thread leaves a funny taste in my mouth.

Jon 
