Re: [suse-security] Does Rich Text hold the same risks as html ?
Rich text holds similar risks as html. They are apples and oranges,
though. "script" bombs target both vulnerabilities.
I know for a fact that there are Notes advisories out there that take
advantage of LotusScript that runs in rich text fields.
jfweber@xxxxxxxxxxxxx
01/24/2006 01:32 PM
Please respond to: jfweber@xxxxxxxxxxxxx
To: suse-security@xxxxxxxx
cc:
Subject: Re: [suse-security] Does Rich Text hold the same risks as html ?
And hence should be banned or tightly controlled locations where it can
be read? OR is it a completely other kind of animal, as "safe".. at
least as safe as anything coming thru the system sent by people you
may, or not, know.
I only remember Marc Andreeson (sp?) talking a lot about it during the
time Netscape was the scary company in the woodwork for MS. I never
got into the nuts and bolts of it... so I don't know anything about it
except it looks pretty.. but so can HTML properly done. And improperly
done HTML can bring a system down.. if the attacker knows enough to
circumvent rules that prevent it from being displayed...
I would greatly appreciate anyone who feels they have the time to
explain this to me. Pros and cons are both welcome.
TIA, y'all
--
j
"You never know until you try
It's hard to see which side your on
Some people say your half way here
Some people say your half way gone" song lyric
--
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here