On Monday 25 April 2005 12:20 pm, Jon Drews wrote:
> Hi:
>
>  If I uncheck "Allow web sites to install software" will this prevent
> these exploits in Firefox 1.0.2?

no, because only whtelisted sites can install software in the first place.

so if you're dumb enough to let www.hackerheaven.com install software, 
well ...

scott

> Search plugin cross-site scripting
> Severity: Moderate
> Reporter: Michael Krax
> Products: Firefox, Mozilla Suite
> http://www.mozilla.org/security/announce/mfsa2005-38.html
>
> PLUGINSPAGE privileged javascript execution
> Severity: High
> Reporter: Omar Khan
> Products: Firefox
> http://www.mozilla.org/security/announce/mfsa2005-34.html
>
>                                TIA
>                                Jon
>
> _______________________________________________
> CWE-LUG mailing list
> http://www.cwelug.org/
> [email protected]
> http://lists.firepipe.net/listinfo/cwe-lug

-- 
R. Scott Granneman
[EMAIL PROTECTED] ~ www.granneman.com
Full list of publications: http://www.granneman.com/publications
  My new book on Firefox: Don't Click on the Blue E!
    Info at: http://www.oreilly.com/catalog/bluee/
  Read the Open Source Blog: http://opensource.weblogsinc.com
  Join GranneNotes! Information at www.granneman.com

"You have to know how to accept rejection and reject acceptance."
      ---Ray Bradbury
 
_______________________________________________
CWE-LUG mailing list
http://www.cwelug.org/    
[email protected]
http://lists.firepipe.net/listinfo/cwe-lug

Reply via email to