How to avoid the new 'Help' URL handler vulnerability
Authored by: CarlosD on May 19, '04 03:23:50PM

Thanks for getting this news up there, Rob. Again, you do a great job.

And to all, I do apologize for the error in the original post about setting the help handler to Safari. Thanks for catching it. I noticed that yesterday, but am not aware of a way to send in an edit to a post that's pending. I have since switched my help handler to Camino, so that I easily can see the URL being called.

Believe me, I am aware that this can run items other than just local mounted images. (Though that would be *harder* to exploit.) I had no intention of downplaying the risk. I can hardly see a limit to what you can do with this hole.

However, the changes prescribed should solve the issue for now.

---
Carlos D
===
my music
http://music.altamar.dynalias.org/


