RE: Two Vulnerabilities in Mozilla may lead to remote compromise

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: RE: Two Vulnerabilities in Mozilla may lead to remote compromise
From: Pavel Kankovsky <peak@xxxxxxxxxxxxxxxxxxxxxx>
Date: Wed, 14 Jul 2004 01:50:06 +0200 (MET DST)
In-reply-to: <000501c468f9$5608f6f0$3200000a@alex>
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

On Tue, 13 Jul 2004, Jelmer wrote:

> I was under the impression that mozilla firefox disallowed access to local
> files (not sure about mozilla but I assume it's the same)
> 
> When I link to a local file from the internet, I get a
> Security Error: Content at http:///.... May not load or link to 
> File:/// ...

This behaviour depends on security.checkloaduri. True, the default value,
disallows links from http: et al to file:

--Pavel Kankovsky aka Peak  [ Boycott Microsoft--http://www.vcnet.com/bms ]
"Resistance is futile. Open your source code and prepare for assimilation."

References:
- RE: Two Vulnerabilities in Mozilla may lead to remote compromise
  - From: Jelmer

Prev by Date: Re: aterm 0.4.2 tty permission weakness
Next by Date: RE: Unchecked buffer in mstask.dll
Previous by thread: RE: Two Vulnerabilities in Mozilla may lead to remote compromise
Next by thread: Re: Two Vulnerabilities in Mozilla may lead to remote compromise
Index(es):
- Date
- Thread