Do you think it will be patched??<br><br><div><span class="gmail_quote">On 2/5/07, <b class="gmail_sendername">Michal Zalewski</b> &lt;<a href="mailto:lcamtuf@dione.ids.pl">lcamtuf@dione.ids.pl</a>&gt; wrote:</span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
On Mon, 5 Feb 2007, pdp (architect) wrote:<br><br>> You may as well use a QuickTime .mov/.qtl or a PDF document to open a<br>> file:// link. I think it is easier.<br><br>Sure. You can probably have a file:// link in Open Office / MS Office
<br>documents as well; but these all rely on external components, and as such,<br>attacks could be shrugged off as a weakness in these apps (and there's<br>some truth to this).<br><br>Browser authors know better, and they disallow file:// URLs from the
<br>Internet ever since JavaScript became so powerful; this case managed to<br>slip through, so I thought it's a neat example, in conjunction with<br>deterministic temporary files.<br><br>/mz<br><br>_______________________________________________
<br>Full-Disclosure - We believe in it.<br>Charter: <a href="http://lists.grok.org.uk/full-disclosure-charter.html">http://lists.grok.org.uk/full-disclosure-charter.html</a><br>Hosted and sponsored by Secunia - <a href="http://secunia.com/">
http://secunia.com/</a><br></blockquote></div><br><br clear="all"><br>-- <br><a href="http://www.goldwatches.com">http://www.goldwatches.com</a><br><a href="http://www.wazoozle.com">http://www.wazoozle.com</a>