Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!


Click here to return to the 'How to avoid the new 'Help' URL handler vulnerability' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
How to avoid the new 'Help' URL handler vulnerability
Authored by: Lankhmart on May 19, '04 12:17:26PM

In step 3 above, DO NOT select Safari as the handler for "help:" URLs--Safari is "smart" enough to hand it right off to Help Viewer anyway. Instead choose an application that has no idea how to handle the URL. Many people seems to be selecting Chess.app and it works just fine.



[ Reply to This | # ]
correct
Authored by: slughead on May 19, '04 12:26:12PM
In the hint I submitted I pointed this out. I used my hotline client.

Here's the URL to the test page (THIS WILL DO HARMLESS THINGS BUT IT WILL FREAK YOU OUT):
www.insecure.ws/safari/0x04_test.html

---
http://lp.org -- that's all you need to know

[ Reply to This | # ]