Full Disclosure mailing list archives
Re: More URI Handling Vulnerabilites (FireFox Remote Command Execution)
From: <auto390084 () hushmail com>
Date: Wed, 25 Jul 2007 13:20:51 -0400
These are also protocols recognized by firefox and acted upon. You are prompted about opening each with the applicable application. Be interesting if anyone can do something with it as well: htafile: htmlfile: asffile: exefile: urlfile: etc so far accepting the prompt doesn't invoke the application, just on quick testing though ;-) -- HASH(0x87b3770) HASH(0x8c4b628) http://tagline.hushmail.com/fc/Ioyw6h4eqxckDCeqoGcr84EDCOEAtr81ztpfUVca9W8VliCkAOgx6o/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Re: More URI Handling Vulnerabilites (FireFox Remote Command Execution) auto390084 (Jul 25)