mailing list archives
Re: shell:windows command question
From: Barry Fitzgerald <bkfsec () sdf lonestar org>
Date: Thu, 08 Jul 2004 09:29:31 -0400
Andreas Sandblad wrote:
Did some quick search on Bugzilla and came up with the following:
Mozilla allows external protocols as discussed in:
They seem to blacklist the following external protocol handlers:
A simple solution would be to add the shell protocol to this list.
Personally I think a secure blacklist is hard to maintain as new
dangerous external protocols could be invented by third-parties leaving
Mozilla vulnerable again.
There should be a whitelist, not a blacklist... a safe protocols list.
Full-Disclosure - We believe in it.