
Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous



Someone (I believe RSnake) pointed out that many browser machines have
PDF files in predictable locations that can be accessed via file://
links.  That lets an attacker gain local JavaScript execution.  At one
point Firefox had a rule restricting http:// and https:// web pages
from accessing file:// links.  Does that rule still exist, and if so
does it mitigate the risk posed to Firefox users?

Regards,
Brian