Daniel Veditz wrote:

Dirk wrote:


A website tries to install the following software:
http://www2.flingstone.com/cab/sbc_netscape.xpi
If you d/l the xpi and expand the zip file, your anti-virus program will alert you with something like... "keylog-briss" Trojan horse detected


We've noticed attempts like this recently and are taking steps to address
it. As a first stop-gap, sites are no longer able to launch installs
during page load (easy to work around, but a quick band-aid to specific
abuses we've seen). This is already in recent nightlies of Firefox and
Mozilla. Second, at the cost of greatly reducing the usefulness of
XPInstall, we're restricting its use to whitelisted sites or else people can
explicitly download the file and then launch it (as they can do with an .exe
install).

Unfortunately, it's also restricting non-scripting, assumedly safe, theme jar installs. Are there plans to come up with a solution to not have to whitelist those sites?

--

Netscape FAQs: http://www.ufaq.org/
Netscape 6/7 Tips: http://www.holgermetzger.de/net6e.html
Web page validation: http://validator.w3.org
About Mozilla: http://www.mozilla.org
_______________________________________________
Mozilla-xpinstall mailing list
[EMAIL PROTECTED]
http://mail.mozilla.org/listinfo/mozilla-xpinstall
