> Hmmm, doesn't this fall into the realm of 'executing
> arbitrary code via a web browser'? (which you
> shouldn't do)
>

Yep, and there's a one-two exposure where, if you can be tricked into downloading an "internet enabled" .dmg (automagically unstuffed onto the desktop and automounted), you can be redirected to a help: url in that volume...

> It's been awhile since I've used Safari/OS X browsers,
> can you not control the code run by your browser? Or
> is this help: issue tricky enough to subvert such
> controls?

Yes, you can control JavaScript, and I'm willing to bet that help: url scheme will be getting some wrapper logic to check where it's coming from in the next update.

Of course, it's not the only exposure in Safari:
http://www.cve.mitre.org/cgi-bin/cvekey.cgi?keyword=Safari

And just to make sure the rest of us don't feel left out:
http://www.cve.mitre.org/cgi-bin/cvekey.cgi?keyword=Mozilla

> --- Ben Barrett <[EMAIL PROTECTED]> wrote:
>> But why should you be concerned, Larry?
>> That laptop will run bsd, right? =)
>>

I'm thinking it's going to become a dual boot machine; after all, I'm not a complete masochist.

--
zoneverte.org Consulting - unix/mail/Mailman
