[Camino] Camino safe from the latest URI exploit?

Jim Witte Wed, 26 May 2004 12:19:27 -0700

I just went to Unsanity's "Paranoid Android" page where they have a couple examples of the URI exploit and tried to run them in Camino. The disks (via dmg I think and ftp mounted), but then Camino refused to run the URI supposedly registered by the Info.plist file (message came up 'malware:// is not a registered protocol'). I do have More Internet installed, which might be what prevented it. If not, does this mean that Camino is safe from the exploit?

Aside: While I can (sort of) see the utility of allowing disks and ftp servers to be mounted directly from webpages, I *cannot* see any reason why URI's in Info.plist *on* those images should be loaded automatically. There might be a reason why URI's should be loaded automatically for *disks which the user explicitly mounted, or when the user explicitly opened an app on the disk*, but not automatically. That just is courting danger, with little benefit that I can see (of course, there is also potential for a "self-installing disk-image" exploit.. Is that patched somehow?)


Jim Witte
[EMAIL PROTECTED]
Indiana University CS
---
A vote for Nader is a vote for George Bush.
Sed quis custodiet ipsos custodes?

_______________________________________________
Camino mailing list
[EMAIL PROTECTED]
http://mozdev.org/mailman/listinfo/camino

[Camino] Camino safe from the latest URI exploit?

Reply via email to