
List:       kfm-devel
Subject:    Security concern
From:       Lennart Kudling <kudling () th ! physik ! uni-frankfurt ! de>
Date:       2000-04-22 18:41:02

Hi,

Yesterday jCommons and I came to the conclusion that khtml
might comprise a possible security hole. He wanted to post a report, but I
cannot find it in the mailing archive. So if this email is a duplicate,
ignore it.

Obviously a link like <a href="/bin/notgood"></a> in a local HTML
file leads to the execution of notgood when clicked. Considering that HTML
is often sent via email, you can imagine the problem.
There should be a configuration option a la "enable java". jCommons
proposed 3 switches:
a) don't execute
b) always execute
c) always ask before executing

Thank you very much.

Greetings
Lenny
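
The three switches proposed above, sketched as a link-activation check. This is an added example, not khtml code and not part of the original message; the names ExecPolicy, Action, localPath and decideLinkAction are hypothetical, and it assumes a POSIX system and handles only absolute paths and file: URLs with an empty host (relative hrefs would first have to be resolved against the document's directory).

```cpp
#include <initializer_list>
#include <iostream>
#include <string>
#include <sys/stat.h>
#include <unistd.h>

// Hypothetical names for illustration; not khtml's API.
enum class ExecPolicy { Never, Always, Ask };          // switches a), b), c)
enum class Action { Navigate, Execute, Prompt, Block };

// Map an href found in a local HTML file to a filesystem path, or "" if it
// does not point at the local filesystem. Percent-decoding is omitted.
std::string localPath(const std::string& href) {
    std::string p = href;
    if (p.rfind("file:", 0) == 0) {
        p = p.substr(5);
        if (p.rfind("//", 0) == 0) p = p.substr(2);   // empty authority only
    }
    return (!p.empty() && p[0] == '/') ? p : "";      // http:, mailto:, host/x -> ""
}

// True only for a regular file the current user may execute.
bool isExecutableFile(const std::string& path) {
    struct stat st;
    return stat(path.c_str(), &st) == 0 && S_ISREG(st.st_mode) &&
           access(path.c_str(), X_OK) == 0;
}

// Decide what a click does; non-executable targets are ordinary navigation.
Action decideLinkAction(const std::string& href, ExecPolicy policy) {
    const std::string path = localPath(href);
    if (path.empty() || !isExecutableFile(path)) return Action::Navigate;
    switch (policy) {
        case ExecPolicy::Always: return Action::Execute;
        case ExecPolicy::Ask:    return Action::Prompt;
        case ExecPolicy::Never:  break;
    }
    return Action::Block;   // Never, and any unknown value, fails closed
}

int main() {
    // Constructed sample: /bin/sh stands in for the email's /bin/notgood.
    const char* names[] = {"navigate", "execute", "prompt", "block"};
    for (ExecPolicy p : {ExecPolicy::Never, ExecPolicy::Always, ExecPolicy::Ask})
        std::cout << names[static_cast<int>(decideLinkAction("/bin/sh", p))] << "\n";
}
```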
