I received the following response from the Mozilla Security Group. They are not aware of any remote exploit in the Mozilla's printing code.
---------- Forwarded message ---------- From: Daniel Veditz <[EMAIL PROTECTED]> To: Jesse Ruderman <[EMAIL PROTECTED]> Cc: security-group <[EMAIL PROTECTED]>, [EMAIL PROTECTED] Date: Fri, 09 Jul 2004 00:17:27 -0700 Subject: Re: [Fwd: Mozilla postscript vulnerability?] There are no confidential bugs that mention the word postscript anywhere. If someone knows of an exploit they didn't bother to tell us about it. Jesse Ruderman wrote: > -------- Original Message -------- > Subject: Mozilla postscript vulnerability? > Date: Wed, 7 Jul 2004 16:56:00 -0700 (PDT) > From: Matt Brubeck <[EMAIL PROTECTED]> > To: Jesse Ruderman <[EMAIL PROTECTED]> > > Jesse, > > There is some confusion on the Debian mailing lists about rumors of > a remote code execution vulnerability in Mozilla's Postscript/default > printing backend. This caused the Mozilla and Firefox maintainers to > build their Debian packages with --disable-postscript: > > http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=247585 > > Now some Debian folks are trying to find out if this exploit really > exists. I wasn't able to find any relevant information in public > Bugzilla reports or on the mozilla.org/projects/security web pages. > Can you shed any light on this? > > Note: I also told the Debian GNOME team to contact [EMAIL PROTECTED]: > > http://lists.debian.org/debian-gtk-gnome/2004/07/msg00027.html > > > > _______________________________________________ > Security-group mailing list > [EMAIL PROTECTED] > http://mail.mozilla.org/listinfo/security-group
