Bug#565564: Fw: Re: Bug#565564: stylesheet can remove save option from images
Mike Hommey
mh at glandium.org
Mon Feb 1 06:45:28 UTC 2010
On Mon, Feb 01, 2010 at 02:31:13AM +0000, Mark Hobley wrote:
>
>
> --- On Mon, 1/2/10, Mark Hobley <markhobley at yahoo.co.uk> wrote:
>
> > http://stcanning-your-computerc.com/scn1/?id=%3DnQ3xTzuNDMyLjE1MC4yNTImcGlkPTM2NHMxJnRpbWU9MTI2MjkyNg0OaA%3DM
>
> Hmmm, that website keeps disappearing. Try this one:
>
> http://foryoursecurityonline.com/
Doesn't work either.
> BTW, I am very worried about that string in the first website
>
> %3DnQ3xTzuNDMyLjE1MC4yNTImcGlkPTM2NHMxJnRpbWU9MTI2MjkyNg0OaA%3DM
>
> Is there any way that this can contain password information for another website, or any information taken from another browser window that I have
> open?
>
> I don't want the browser to be able to take information from one window and provide it to another, or to be able to pass other information that the
> browser knows about, but is not relating to the webpage that has appeared.
>
> I am not familiar with the browser code or the security model that it deploys, and I could really do with a code security audit on this package.
If a website wants to send information to another one, or itself,
through urls, there really is nothing that the browser can do to prevent
that. It's not its role either.
Mike
More information about the pkg-mozilla-maintainers
mailing list