Re: Firefox question

R Kimber wrote:

On Sun, 19 Aug 2007 15:22:39 -0300
Derek Broughton wrote:

Thanks. I guess I could change browsers. Konqueror works. I'll
have to think about it.

It really shouldn't. It seems like a gross breach of security for a
web page to permit links to local files.

It doesn't do it automatically, it pops up a window giving the user a
warning and a choice, which seems perfectly sensible to me. There are
some circumstances where security is unlikely to be compromised.

Sure. There are, but the problem is relying on _users_ to know when that's
true, which is why you can't do that sort of thing in script. The good
news is that it doesn't seem to actually execute the file if it's a script.
Still seems a little scary.
--
derek


--
ubuntu-users mailing list
ubuntu-users@xxxxxxxxxxxxxxxx
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users

Relevant Pages

  • Re: Updating Internet Options using a Script
    ... I don't want to run a script out of I/E that changes ... the security settings. ... It's not a matter of making our application more SP2 ... These are local files that contain ...
    (microsoft.public.windows.inetexplorer.ie6.browser)
  • SUMMARY WAS: OT? Philosophical Question on SA responsibilities
    ... helpful for managers interested in hiring new administrators. ... Would you go thru the 14,600 messages in root and admin ... If I was a new SA I would if encountering a security hole, ... I can see some use for the passwd -s part of the crontab script, ...
    (SunManagers)
  • Re: Clarification-Win2k Netstat sockets interpretation
    ... snip.. ... Before I could manually download every security upate and servicepack from MS.com but now...they send you a bit of Cop-code that fails to run unless ALL defences are down ... Are you sure the script from ntsvcfg is benign in addition to being useful? ... You are absolutely correct there HAL, er ah, Sebastian. ...
    (alt.computer.security)
  • [NT] Flaw in Windows Script Engine Could Allow Code Execution
    ... The following security advisory is sent to the securiteam mailing list, and can be found at the SecuriTeam web site: http://www.securiteam.com ... The Windows Script Engine provides Windows operating systems with the ... blocked by Outlook Express 6.0 and Outlook 2002 in their default ...
    (Securiteam)
  • Re: BUG with RES/SCRIPT/XP-SP2
    ... I consider JavaScript (known to security people as JavaVirus) as one of the Really Top ... to have a bad script cause damage to my machine. ... This security feature is called the "Local Machine Zone Lockdown". ... Tags, and the CDHtmlDialog class in this forum, and got no response. ...
    (microsoft.public.vc.mfc)