On 2005-08-23 01:04:09 -0400, Eric Dorland wrote: > * Vincent Lefevre ([EMAIL PROTECTED]) wrote: > > The IDN problem is a trust issue concerning a web site. The bug#303246 > > is a trust issue concerning Firefox: when the bug occurs the user > > thinks that Firefox has done something, i.e. putting some text in > > the primary selection, but in the reality, it has also silently > > done something else: downloading a URL, which may have private or > > confidential contents (in the case of an authenticated part of a > > web site). > > Right, but conceivably you could of downloaded that anyway, you can't > use this problem to bypass the authentication, so where's the attack?
The user would authenticate. Then, when he wants to copy some text belonging to a link, the link would be silently downloaded to some directory. And another user could access the data if the directory is publicly accessible (it may be on purpose). -- Vincent Lefèvre <[EMAIL PROTECTED]> - Web: <http://www.vinc17.org/> 100% accessible validated (X)HTML - Blog: <http://www.vinc17.org/blog/> Work: CR INRIA - computer arithmetic / SPACES project at LORIA -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
