"unless you've changed security related settings." How is that any different from the proposal?
Accessing the device tag should require user consent--the same as changing "security related settings." On Wed, Dec 29, 2010 at 12:04 PM, Jonas Sicking <[email protected]> wrote: > On Wed, Dec 29, 2010 at 6:48 AM, Diego Perini <[email protected]> wrote: >> Hmmm... >> >> I can currently read incoming RS232 and USB data in my OS X using >> Firefox 3.6.13 and the "file:" protocol: >> >> file:///dev/tty.BT-GPS010B62-SerialPort >> >> do I have an insecure system ? An insecure browser ? > > Can you do that from a webpage served from a http server? Can you do > that from a HTML file saved to your desktop? Can you do that from a > HTML file saved anywhere else on your filesystem? > > For firefox, the answer should be "no" in all three cases, unless > you've changed security related settings. Thus the answer to your > questions should be "no". Definitely file a bug on Firefox > (bugzilla.mozilla.org) if that isn't the case. > > / Jonas >
