Back to the articleWell! #
Posted Thursday 2nd August 2007 11:27 GMT
"It's a problem on both sides."
Thank you and goodnight.
Making open-source browsing safe for the masses
"It's a problem on both sides." #
Posted Thursday 2nd August 2007 13:22 GMT
True, but one side has fixed it. The other is pretending it doesn't exist.
It's a feature, not a problem. #
Posted Thursday 2nd August 2007 15:22 GMT
is Microsoft's usual reply.
Other platforms #
Posted Thursday 2nd August 2007 17:19 GMT
OS X. Does Safari get passed this "malcious code" and is there a know (KNOWN) exploit for it?
Linux. Plenty of other browsers. Same question.
It was always a Firefox problem #
Posted Thursday 9th August 2007 04:46 GMT
The problem was that Firefox registers the 'firefoxurl:' URL scheme and failed to validate the data they were getting through it. That they are not validating the data is what makes it a Firefox problem.
They are using the same mechanism that Real Player uses to register 'rtsp:', Media Player to register 'mms:', Steam to register 'steam:', your mail program uses to register 'mailto:', and your browser uses to register 'http:' and 'https:'.
With the variety of url schemes supported, it's hardly reasonable to assume Microsoft can really validate each type.
Sign up, sign up for The Register's weekly IT security newsletter - click here
Top stories
Popular Whitepapers
- Thermal design of the Dell PowerEdge T610, R610, and R710 servers
Monolithic thermal design overview - Seven ways to optimize VMware server virtualization
Virtualized storage complimenting virtualized applications - Automating the Acquisition Process with Enterprise Level CRM
Sales Force Automation buyer’s guide - Checklist: Midmarket ERP Solutions
Control your rising business costs - Checklist: signs you need to upgrade your business phone system
Adopting the latest innovations in communication technology - Best practices for optimizing performance and availability in virtual infrastructures
Solutions for the complete physical and virtualized IT infrastructure
