Stijn, Stijn Jonker wrote: > > Is this really a mozilla bug? > My answer: > No, because try and font of the size 1666666px in gimp on the same > system, the symptoms and the end effect is exactly the same here. > > [...] > The solution(s): > (a) Fix every app to disallow font sizes bigger then <maxvalue> > (b) Fix XFS to return an error code to the calling application > when requested font size is greater then configured <maxvalue> > > Personally i would go for b. > Just my $0.02, but if you disagree please let me know. There's a world of difference between gimp and netscape. Fixing XFS is indeed a good idea, but I submit that it is also a very good idea to put a cap on font sizes in mozilla, and indeed anything else that accepts font rendering information from external sources. After all, mozilla runs on dozens of platforms, on different X servers. Mozilla is what is causing the vulnerability (gimp isn't). Indeed, XFS should be fixed, but from an overall vulnerability perspective, I'm quite convinced mozilla should be fixed too. People upgrade mozilla a _lot_ more often than they upgrade their X font servers. Regards, Mikael Olsson -- Mikael Olsson, Clavister AB Storgatan 12, Box 393, SE-891 28 ÖRNSKÖLDSVIK, Sweden Phone: +46 (0)660 29 92 00 Mobile: +46 (0)70 26 222 05 Fax: +46 (0)660 122 50 WWW: http://www.clavister.com "Senex semper diu dormit"
This archive was generated by hypermail 2b30 : Tue Jun 11 2002 - 09:09:35 PDT