On Tue, 12 Feb 2002, Shlomi Fish wrote: > > Check: > > http://lwn.net/2002/0207/security.php3 > > Tzafrir, what can we do about it and how does it affects us, if at all.
I can't see any immidiate effect. The advisory describes two attacks: * adding javascript code to FAQ pages: Certainly possible. Note that I get a copy of every addition/change to the faq, and usually read it soon after. * Sending malicious javascript code to the maintainer using error messages: Well, pine does not have the best record security-wise, but I have yet to see how such malicious code could do some actual damage (yes, I disabled URL-browser-activation for the moemnt) OTOH, there are certainly problems with the current installation of FOM. -- Tzafrir Cohen /"\ mailto:[EMAIL PROTECTED] \ / ASCII Ribbon Campaign Taub 229, 972-4-829-3942, X Against HTML Mail http://www.technion.ac.il/~tzafrir / \ ---------------------------------------------------------------------------- To unsubscribe, send a message to [EMAIL PROTECTED] Archives available at http://www.mail-archive.com/[email protected]/
