| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <2020285202-1227198622-cardhu_decombobulator_blackberry.rim.net-1659333668-@bxe124.bisx.prod.on.blackberry> Date: Thu, 20 Nov 2008 16:30:15 +0000 From: theindigowolf@...il.com To: bugtraq@...urityfocus.com Subject: Re: Re: Re: Re: Re: Opera 9.6x file:// overflow Does that also hold true if you use a javascript/java applet to deliver the URL rather than just placing it in a text link? ------Original Message------ From: psy.echo@...il.com Sender: To: bugtraq@...urityfocus.com Subject: Re: Re: Re: Re: Re: Opera 9.6x file:// overflow Sent: Nov 19, 2008 5:59 PM Hi Peter, Apropos File URI scheme, if you are saying about accessing a file with something like file://abcd... in a link, 'over a network', then most of the browsers (perhaps all) do not follow "file:" links on a page that is fetched with "HTTP". The purpose is "security" or to prevent a remote page from executing a program on the visitor's computer. The file: links work on pages that are local files on the user's disk! Though in some browsers these settings can be changed. That is why the Opera exploit through file://abcd.... does not work on network. Hope it answers your query! -- Thanks & Regards, Rishi Narang | Security Researcher Member, Evil Fingers Vulnerability Research Analyst, Third Brigade Labs Blog: www.greyhat.in | Associations: www.evilfingers.com | www.thirdbrigade.com .... eschew obfuscation, espouse elucidation. Sent via BlackBerry by AT&T
Powered by blists - more mailing lists