Re: Linux, too, sot of (Windows MS-DOS Device Name DoS vulnerabilities)

From: George Staikos (staikosat_private)
Date: Fri Jul 20 2001 - 06:35:26 PDT

Next message: Aaron C. Newman: "Oracle Vulnerability Discovered in OID"

Previous message: Patrick Medhurst: "IBM TFTP Server for Java vulnerability"
In reply to: Richard Kettlewell: "Linux, too, sot of (Windows MS-DOS Device Name DoS vulnerabilities)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Wednesday 18 July 2001 15:30, Richard Kettlewell wrote:

> A better answer might be to stat the file, and reject it if it not a
> regular file.  Another approach would be to forbid inlining "file:"
> URLs from external pages, as described at
> http://bugzilla.mozilla.org/show_bug.cgi?id=91316

   Exactly this has been done in Konqueror CVS and will be in the upcoming 
2.2 release.  It wouldn't allow opening of these in the URL bar but it would 
open them as <IMG SRC="">.

-- 

George Staikos

Next message: Aaron C. Newman: "Oracle Vulnerability Discovered in OID"
Previous message: Patrick Medhurst: "IBM TFTP Server for Java vulnerability"
In reply to: Richard Kettlewell: "Linux, too, sot of (Windows MS-DOS Device Name DoS vulnerabilities)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Fri Jul 20 2001 - 08:15:51 PDT