Comments on: Mozilla Protocol Abuse http://larholm.com/2007/07/25/mozilla-protocol-abuse/ Me, myself and I Tue, 07 Oct 2008 22:59:11 +0000 http://wordpress.org/?v=2.6.1 By: Stickymaddness http://larholm.com/2007/07/25/mozilla-protocol-abuse/#comment-1206 Stickymaddness Sat, 28 Jul 2007 14:59:27 +0000 http://larholm.com/2007/07/25/mozilla-protocol-abuse/#comment-1206 Great stuff, hats off to Thor Larholm! :) Great stuff, hats off to Thor Larholm! :)

]]> By: [SSD] Security & Development Blog » Insisto: grave riesgo amenaza a usuarios de Firefox en Windows XP http://larholm.com/2007/07/25/mozilla-protocol-abuse/#comment-1169 [SSD] Security & Development Blog » Insisto: grave riesgo amenaza a usuarios de Firefox en Windows XP Fri, 27 Jul 2007 15:29:35 +0000 http://larholm.com/2007/07/25/mozilla-protocol-abuse/#comment-1169 [...] Mozilla Protocol Abuse [Larholm.com]. [...] [...] Mozilla Protocol Abuse [Larholm.com]. [...]

]]> By: Thor Larholm http://larholm.com/2007/07/25/mozilla-protocol-abuse/#comment-1128 Thor Larholm Thu, 26 Jul 2007 15:02:51 +0000 http://larholm.com/2007/07/25/mozilla-protocol-abuse/#comment-1128 ortis, Mozilla was already notified about this vulnerability and Thunderbird 2.0.0.5 protects against these exploits. Regards Thor Larholm ortis, Mozilla was already notified about this vulnerability and Thunderbird 2.0.0.5 protects against these exploits.

Regards
Thor Larholm

]]> By: ortis http://larholm.com/2007/07/25/mozilla-protocol-abuse/#comment-1127 ortis Thu, 26 Jul 2007 14:49:14 +0000 http://larholm.com/2007/07/25/mozilla-protocol-abuse/#comment-1127 hi, It's good to discover a vuln but it's better to signal the vendor first. This should be the way a real man does, guy. hi,

It’s good to discover a vuln but it’s better to signal the vendor first. This should be the way a real man does, guy.

]]> By: Pat http://larholm.com/2007/07/25/mozilla-protocol-abuse/#comment-1117 Pat Thu, 26 Jul 2007 10:30:49 +0000 http://larholm.com/2007/07/25/mozilla-protocol-abuse/#comment-1117 Well done Thor. You certainly are clever, and it is refreshing to see someone write about exploits without resorting to "zomg h4x"-style language. 10 points for visual presentation and being easy to read, plus another 10 points for interesting content. Well done Thor. You certainly are clever, and it is refreshing to see someone write about exploits without resorting to “zomg h4x”-style language.

10 points for visual presentation and being easy to read, plus another 10 points for interesting content.

]]> By: halans http://larholm.com/2007/07/25/mozilla-protocol-abuse/#comment-1109 halans Thu, 26 Jul 2007 03:32:20 +0000 http://larholm.com/2007/07/25/mozilla-protocol-abuse/#comment-1109 Great stuff, Thor! FYI, Democracy Player changed into Miro. Great stuff, Thor!
FYI, Democracy Player changed into Miro.

]]> By: Larholm.com - Me, myself and I » Thunderbird 1.5 has not been patched with osint http://larholm.com/2007/07/25/mozilla-protocol-abuse/#comment-1107 Larholm.com - Me, myself and I » Thunderbird 1.5 has not been patched with osint Thu, 26 Jul 2007 01:28:31 +0000 http://larholm.com/2007/07/25/mozilla-protocol-abuse/#comment-1107 [...] Mozilla Protocol Abuse [...] [...] Mozilla Protocol Abuse [...]

]]> By: Alun Jones http://larholm.com/2007/07/25/mozilla-protocol-abuse/#comment-1101 Alun Jones Wed, 25 Jul 2007 23:03:12 +0000 http://larholm.com/2007/07/25/mozilla-protocol-abuse/#comment-1101 Hmm... txtfile:c:\autoexec.bat - yeah, that's a good URL. Even better is cmdfile:c:\windows\system32\calc.exe - gives a really scary-looking dialog box, and then fails to run anything. Fun-ny. I'm going to forward that one to /all/ my friends. Hmm… txtfile:c:\autoexec.bat - yeah, that’s a good URL. Even better is cmdfile:c:\windows\system32\calc.exe - gives a really scary-looking dialog box, and then fails to run anything. Fun-ny. I’m going to forward that one to /all/ my friends.

]]> By: ascii http://larholm.com/2007/07/25/mozilla-protocol-abuse/#comment-1100 ascii Wed, 25 Jul 2007 22:54:53 +0000 http://larholm.com/2007/07/25/mozilla-protocol-abuse/#comment-1100 Hi larholm, really good writeup! I just wrote a little howto to completely disable external protocols handlers and whitelist only few protocols that are handled internally by Firefox: http://www.ush.it/2007/07/25/clientside-security-hardening-mozilla-firefox/ Hi larholm, really good writeup!

I just wrote a little howto to completely disable external protocols handlers and whitelist only few protocols that are handled internally by Firefox:

http://www.ush.it/2007/07/25/clientside-security-hardening-mozilla-firefox/

]]> By: Nathan McFeters http://larholm.com/2007/07/25/mozilla-protocol-abuse/#comment-1089 Nathan McFeters Wed, 25 Jul 2007 18:55:48 +0000 http://larholm.com/2007/07/25/mozilla-protocol-abuse/#comment-1089 I love it Thor, good stuff. Digging into it now... I suspect other browsers, mail clients, news readers, etc. could be vulnerable to this. I love it Thor, good stuff. Digging into it now… I suspect other browsers, mail clients, news readers, etc. could be vulnerable to this.

]]>