|
Full Disclosure
mailing list archives
Re: shell:windows command question
From: Darren Reed <avalon () cairo anu edu au>
Date: Fri, 9 Jul 2004 00:23:52 +1000 (Australia/NSW)
In some mail from Barry Fitzgerald, sie said:
Andreas Sandblad wrote:
Did some quick search on Bugzilla and came up with the following:
Mozilla allows external protocols as discussed in:
http://bugzilla.mozilla.org/show_bug.cgi?id=167475
They seem to blacklist the following external protocol handlers:
(patch http://bugzilla.mozilla.org/attachment.cgi?id=102263&action=view)
hcp, vbscript, javascript, ms-help, vnd.ms.radio
A simple solution would be to add the shell protocol to this list.
Personally I think a secure blacklist is hard to maintain as new
dangerous external protocols could be invented by third-parties leaving
Mozilla vulnerable again.
Completely agreed.
There should be a whitelist, not a blacklist... a safe protocols list.
And what would happen?
Nobody would configure anything but those.
And what would happen next?
People would find ways to put their "new stuff" inside the "safe ones".
Kind of like how "http" is declared safe (but is it really??) and so
every man and their dog tunnels their proprietary stuff through that
because it'll go through firewalls.
Darren
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
 By Date 
By Thread
Current thread:
RE: shell:windows command question Perrymon, Josh L. (Jul 08)
Re: shell:windows command question Andrew Poodle (Jul 08)
RE: shell:windows command question Clairmont, Jan M (Jul 08)
|
Intro
