List: kfm-devel
Subject: Security concern
From: Lennart Kudling <kudling () th ! physik ! uni-frankfurt ! de>
Date: 2000-04-22 18:41:02
Hi,
Yesterday jCommons and I came to the conclusion that khtml
might contain a possible security hole. He wanted to post a report, but I
cannot find it in the mailing archive. So if this email is a duplicate,
ignore it.
Obviously a link like <a href="/bin/notgood"></a> in a local HTML
file leads to the execution of notgood when clicked. Considering that HTML
is often sent via email, you can imagine the problem.
There should be a configuration option a la "enable java". jCommons
proposed 3 switches:
a) don't execute
b) always execute
c) always ask before executing
Thank you very much.
Greetings
Lenny
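
The three switches proposed in the message above, as an added example that is not part of the original email and not khtml code: a decision function a link-activation handler could call before running a local target. All names (ExecPolicy, Action, isLocalExecutable, decideLinkAction) are hypothetical, and the clicked href is assumed to be already resolved to a filesystem path by the caller.

```cpp
// Added example; all names are hypothetical, this is not khtml code.
#include <sys/stat.h>
#include <cstdio>
#include <functional>
#include <string>

enum class ExecPolicy { Never, Always, Ask };          // switches a), b), c)
enum class Action { OpenAsDocument, Execute, Blocked };

// True if the path names a regular file with any execute bit set.
bool isLocalExecutable(const std::string& path) {
    struct stat st;
    if (stat(path.c_str(), &st) != 0) return false;
    return S_ISREG(st.st_mode) && (st.st_mode & (S_IXUSR | S_IXGRP | S_IXOTH)) != 0;
}

// resolvedPath: filesystem path the clicked href resolved to (assumed done by caller).
// confirm: prompt callback for the "ask" setting; returns true if the user agrees.
Action decideLinkAction(const std::string& resolvedPath, ExecPolicy policy,
                        const std::function<bool(const std::string&)>& confirm) {
    if (!isLocalExecutable(resolvedPath))
        return Action::OpenAsDocument;                 // ordinary navigation
    switch (policy) {
    case ExecPolicy::Always:
        return Action::Execute;
    case ExecPolicy::Ask:
        // A missing prompt (no UI available) counts as a refusal.
        return (confirm && confirm(resolvedPath)) ? Action::Execute : Action::Blocked;
    case ExecPolicy::Never:
        break;
    }
    return Action::Blocked;                            // unknown values fail closed
}

int main() {
    const char* names[] = { "open as document", "execute", "blocked" };
    auto deny = [](const std::string&) { return false; };
    // /bin/sh stands in for the executable target of the link (constructed input).
    Action a = decideLinkAction("/bin/sh", ExecPolicy::Ask, deny);
    std::printf("/bin/sh with policy 'ask', user declines: %s\n", names[static_cast<int>(a)]);
    return 0;
}
```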