• Open Menu Close Menu
  • Apple
  • Shopping Bag
  • Apple
  • Mac
  • iPad
  • iPhone
  • Watch
  • TV
  • Music
  • Support
  • Search apple.com
  • Shopping Bag

Lists

Open Menu Close Menu
  • Terms and Conditions
  • Lists hosted on this site
  • Email the Postmaster
  • Tips for posting to public mailing lists
Re: Patch for Safari security flaw
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Patch for Safari security flaw

  • Subject: Re: Patch for Safari security flaw
  • From: Nigel Smith <email@hidden>
  • Date: Thu, 20 May 2004 10:11:19 +0100
On 19/5/04 13:05, "Joe Green" <email@hidden> wrote:

> Some of you have expressed concern as to whether this is safe or not.
> The link I quoted is from MacUser's web site. It's up to you whether
> you follow it. Having had a successful backup last night, I downloaded
> the disk image (which does not invoke Help or any spurious scripts) and
> ran the patch. All seems well. But then, life's a gamble.

But what does it *do*? If it just patches the Help Viewer problem, it is a
temporary stop-gap at best...

Many browsers respond to the "file:///" protocol by opening the file pointed
to, be it a document, an application, or a script. The problem for a
malicious scripter is getting the correct path -- which mounting an external
volume does very nicely, thank you.

How many ways will your browser automount a volume?

Nigel
_______________________________________________
applescript-users mailing list | email@hidden
Help/Unsubscribe/Archives: http://www.lists.apple.com/mailman/listinfo/applescript-users
Do not post admin requests to the list. They will be ignored.

  • Prev by Date: Add to startup items
  • Next by Date: Re: Q: echo | sed -- Solved!
  • Previous by thread: Re: Saving HTML from Entourage
  • Next by thread: Re: applescript-users digest, Vol 3 #2696 - 14 msgs
  • Index(es):
    • Date
    • Thread