|
|
 |
| New User, Welcome! Login |
RE: URI handling woes in Acrobat Reader, Netscape, Miranda, Skype
| From: |
"Jim Slora" <Jim Slora phra com> |
| To: |
<bugtraq securityfocus com> |
| Cc: |
|
| Subject: |
RE: URI handling woes in Acrobat Reader, Netscape, Miranda, Skype |
| Date: |
Mon - Oct 08, 2007 07:38 AM |
Roger A. Grimes wrote Friday, October 05, 2007 3:54 PM
> I'm asking, with genuine interest and a listening ear, what is the best
> long term
> solution you envision, to solve the larger problem?
Apparently the long term solution is for third-party apps to point blame at
Microsoft, and for Microsoft to point blame at third-party apps. They are
both right except in absolving themselves.
To start with this problem does not exist under IE6, regardless of
third-party protocol handler vulnerability. So the question is, why did it
open up after installing IE7? This portion is for Microsoft to address -
either it is a required consequence of new functionality that they should
reconsider, or it is a mistake that they should fix.
The individual third-party applications also need to sanitize their input of
course.
|
|
|
Copyright © 1995-2012 LinuxRocket.net. All rights reserved.
Nearly all of LinuxRocket's features are free. Be kind and donate to the cause!
