OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
[Full-disclosure] Flaw in Firefox 3.0: protocol-handler.warn-external are ignored

From: carl hardwick (hardwick.carlgmail.com)
Date: Wed Jun 18 2008 - 10:22:51 CDT


these protocol-handler security settings are ignored although they're
set to 'true' and no warnings are shown:

network.protocol-handler.warn-external.mailto
network.protocol-handler.warn-external.news
network.protocol-handler.warn-external.nntp
network.protocol-handler.warn-external.snews
(in about:config)

For example,
I set network.protocol-handler.warn-external.mailto to 'true', clicked
on an e-mail link and Windows Mail is launched without any warnings
(tested on Firefox 3.0 on Windows Vista SP1)

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/