Channel Register

Comments on: Making open-source browsing safe for the masses

Well! 

Posted Thursday 2nd August 2007 11:17 GMT

"It's a problem on both sides."

Thank you and goodnight.

"It's a problem on both sides." 

Posted Thursday 2nd August 2007 11:46 GMT

True, but one side has fixed it. The other is pretending it doesn't exist.

It's a feature, not a problem. 

Posted Thursday 2nd August 2007 15:11 GMT

is Microsoft's usual reply.

Other platforms 

Posted Thursday 2nd August 2007 16:10 GMT

OS X. Does Safari get passed this "malicious code" and is there a known exploit for it?

Linux. Plenty of other browsers. Same question.

It was always a Firefox problem 

Posted Thursday 9th August 2007 03:52 GMT

The problem was that Firefox registers the 'firefoxurl:' URL scheme and failed to validate the data they were getting through it. That they are not validating the data is what makes it a Firefox problem.

They are using the same mechanism that Real Player uses to register 'rtsp:', Media Player to register 'mms:', Steam to register 'steam:', your mail program uses to register 'mailto:', and your browser uses to register 'http:' and 'https:'.

With the variety of URL schemes supported, it's hardly reasonable to assume Microsoft can really validate each type.
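
The point made in the last comment, that a program registering its own URL scheme has to validate what arrives through it, sketched as an added example (not part of any comment above and not Firefox's code). The `exampleapp:` scheme, its payload format and the allow-list policy are assumptions made for illustration.

```python
from urllib.parse import urlsplit

SCHEME = "exampleapp"                      # hypothetical registered scheme
ALLOWED_TARGETS = {"http", "https"}        # assumed policy for the payload
MAX_LEN = 2048
# Characters that can end or split an argument once a launcher builds a command line.
FORBIDDEN = set("\"'`<>|\\ ")


def validate_handler_url(raw: str) -> str:
    """Return the payload URL of an exampleapp: link, or raise ValueError."""
    if len(raw) > MAX_LEN:
        raise ValueError("too long")
    if any(c in FORBIDDEN or ord(c) < 0x20 or ord(c) == 0x7F for c in raw):
        raise ValueError("forbidden character")
    prefix, sep, payload = raw.partition(":")
    if not sep or prefix.lower() != SCHEME:
        raise ValueError("wrong scheme")
    target = urlsplit(payload)             # may itself raise ValueError
    if target.scheme.lower() not in ALLOWED_TARGETS or not target.hostname:
        raise ValueError("target not allowed")
    return payload


def triage(samples):
    """Map each input to 'accepted' or the rejection reason."""
    results = {}
    for s in samples:
        try:
            validate_handler_url(s)
            results[s] = "accepted"
        except ValueError as exc:
            results[s] = str(exc)
    return results


# Constructed inputs, not taken from any real report.
SAMPLES = [
    "exampleapp:https://example.org/page?a=1&b=2",
    'exampleapp:https://example.org/"x',
    "exampleapp:file:///etc/hosts",
    "otherapp:https://example.org/",
]

if __name__ == "__main__":
    for url, verdict in triage(SAMPLES).items():
        print(f"{verdict:20} {url!r}")
```

The check runs on the string exactly as the handler receives it, before anything is decoded, and the accepted value is meant to be handed on as a single argument rather than spliced into a command string.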