Slashdot Mirror


Vulnerability In Font Processing Library Affects Linux, OpenOffice, Firefox (softpedia.com)

An anonymous reader writes: If an application can embed fonts with special characters, then it's probably using the Graphite font processing library. This library has several security issues which an attacker can leverage to take control of your OS via remote code execution scenarios. The simple attack would be to deliver a malicious font via a Web page's CSS. The malformed font loads in Firefox, triggers the RCE exploit, and voila, your PC has a hole inside through which malware can creep in.

4 of 95 comments

  1. Re:Another buffer overflow by Anonymous Coward · · Score: 0, Troll

    As seen with SELinux, all you get is the majority using selinux=0 as a boot option when problems arise or they can't figure out how to reconfigure SELinux to allow a port number change.

  2. Re:But this is open source, right? by Runaway1956 · · Score: 1, Troll

    A: the font isn't open source
    B: one or more pairs of eyes DID find this problem
    C: there are no eyes looking at your Windows platform

    I'll take my chances with open source, thank you. You enjoy your telemetry nonsense.

    --
    "Windows is like the faint smell of piss in a subway: it's there, and there's nothing you can do about it." - Charlie Br

  3. Is Pale Moon fixed? by Futurepower(R) · · Score: 0, Troll

    Is Pale Moon fixed? I don't see any mention of that.

    We switched to Pale Moon and are now not having problems with the instability of Firefox when there are many windows and tabs open. Since Pale Moon is based on Firefox, most of the Firefox add-ons work.

    In the past, Google paid Mozilla Foundation $300 million each year to make Google search the default search engine in Firefox. Google apparently didn't cause problems, even though it paid a shocking amount.

    Now, I understand, Mozilla Foundation gets most of its money from Microsoft. Microsoft pays Yahoo. Yahoo pays Mozilla Foundation to make "Yahoo search" (actually mostly Microsoft Bing search) the default search engine in Firefox.

    The Thunderbird and SeaMonkey Composer GUIs have been damaged, apparently deliberately. File saves in the newer versions of both ask for a new file name, and don't suggest the last one chosen. The damage was reported several months ago, but has not been fixed.

    Is that another example of Microsoft's Embrace, Extend, Extinguish? People who feel forced away from Thunderbird may choose Microsoft software to replace it. Is that something Microsoft is trying to accomplish?

    In my opinion, dishonest people should not be employed in management. In my opinion, the managers and members of the board of directors of both Microsoft and Mozilla Foundation who approved the dishonesty of sneakily re-configuring Mozilla Foundation products should be immediately fired, and not allowed to have management positions in the future.

    Mozilla Foundation may be desperate now that it has lost the incredible amount of money paid by Google.

    A few of the many, many articles about abuse by Microsoft:

    Microsoft has no plans to tell us what's in Windows patches. Each update is a black box, and it's going to stay that way.

    Leaks show that Microsoft writes release notes, so why can't it publish them? The lack of documentation of Windows' updates is a baffling move on Microsoft's part.

    Microsoft's Software is Malware. Malware means software designed to function in ways that mistreat or harm the user.

    How Can Any Company Ever Trust Microsoft Again?

    NSA Backdoor Exploit in Windows 8 Uncovered

    Microsoft Gave the NSA Direct Backdoor Access to Outlook, Skype

    Microsoft [lack of] Privacy Statement

    Here's how to Block Windows 10 "Spying"

    1. Re:Is Pale Moon fixed? by amiga3D · · Score: 0, Troll

      I have no mod points to undo the damage caused by the M$ fanboys. I do laud you on your efforts to spread the truth about the malware that masquerades as an operating system and still deserves the badge "Defective by Design."