Re: Inconsistent component embedding in browsers
Actually, even local files cannot be "trusted" by the browser. This is
a key reason for many of the security issues in internet explorer. Many
vulnerabilities center around tricking IE into thinking a file should be
trusted, such as emailing someone an HTML file in an attachment with
malicious code embedded. An HTML file *should* be safe under all
circumstances, but it's not because of the IE security model.
-Rob
On Mon, 2004-10-18 at 16:33 -0400, Adam C Powell IV wrote:
> On Fri, 2004-10-15 at 16:02, Emilio Jesús Gallego Arias wrote:
> > El jue, 14-10-2004 a las 10:32 -0400, Adam C Powell IV escribió:
> > > So then, given that the primary GNOME browsers are mozilla-based, why is
> > > it that neither of them even suggest mozilla-bonobo? In fact, searching
> > > through /var/lib/dpkg/available, it is not mentioned as any kind of
> > > dependency anywhere.
> >
> > mozilla-bonobo is believed to have security risks.
>
> Ah, yes. Makes every bonobo component a front-line remotely vulnerable
> app, as well as the mozilla-bonobo glue code. I tend not to browse
> "non-trusted" sites, and really like the feature for browsing local
> files (I have a lot of HTML "index" pages with PDF links). But then,
> aside from local files, what can be "trusted"?
>
> Thanks for the explanation,
>
> -Adam P.
>
> GPG fingerprint: D54D 1AEE B11C CE9B A02B C5DD 526F 01E8 564E E4B6
>
> Welcome to the best software in the world today cafe!
> http://lyre.mit.edu/~powell/The_Best_Stuff_In_The_World_Today_Cafe.ogg
>
Reply to: