Re: [WEB SECURITY] Universal XSS with PDF files: highly dangerous
From: Brian Eaton (eaton.lists gmail.com)
Date: Mon Jan 08 2007 - 13:06:34 CST
Someone (I believe RSnake) pointed out that many browser machines have
PDF files in predictable locations that can be accessed via file://
links. That lets an attacker gain local JavaScript execution. At one
point Firefox had a rule restricting http:// and https:// web pages
from accessing file:// links. Does that rule still exist, and if so
does it mitigate the risk posed to Firefox users?
Regards,
Brian