[K12OSN] Firefox security problems to be aware of
Tim Litwiller
tim at litwiller.net
Mon Aug 2 21:11:46 UTC 2004
Since we are only allowing users to browse to one internal (intranet)
card catalog server - I don't think we have to worry about this, but
thanks for the heads up anyways.
Stephen Smoogen wrote:
>Just a heads up from someone reading other lists. There are a couple of
>problems with Firefox dealing with being spoofed by .xul webpages and
>some other SSL issues (haven't had time to see if they are connected).
>
>The .xul issue is that Firefox will render .xul in a way that can
>completely fake out your browser's look and feel (i.e. trojan your desktop).
>Thunderbird may also be affected in parts. I am not sure of the
>complete implications but I can see new avenues for porn/spam and
>definitely loss of privacy.
>
>At the moment, I haven't seen much on the 'what to do' other than make
>.xul a prohibited item in your Squid proxy. Hopefully the Firefox people
>will figure out a way to do this safely.
>
>There was also mention that there is a way to make Mozilla/Firefox
>only allow JavaScript from trusted sites. At the moment it can only be
>done by editing the old prefs.js file... and they didn't mention what
>needed to be changed :).
>
>
>
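The Squid block suggested in the quoted message could look like the following. This is an added example, not part of the original thread; the ACL names `xul_path` and `xul_mime` are arbitrary, and the rules are assumed to sit above any `http_access allow` lines in `squid.conf`.

```conf
# Added example, not from the original thread. ACL names are arbitrary.

# Deny requests whose URL path ends in .xul, with or without a query string.
acl xul_path urlpath_regex -i \.xul(\?.*)?$
http_access deny xul_path

# An extension match misses XUL served from a URL with another name,
# so also deny replies that declare the XUL MIME type.
acl xul_mime rep_mime_type -i ^application/vnd\.mozilla\.xul\+xml
http_reply_access deny xul_mime

# Neither rule sees inside HTTPS: the proxy only handles the CONNECT
# request there, so content fetched over SSL is not filtered by this.
```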