Jump to content


New browser link security exploit


  • Please log in to reply
No replies to this topic

#1 hokan

hokan

    Newbie

  • Members
  • 5 posts

Posted 18 May 2004 - 08:14 PM

There's a new nasty security problem (although no dangerous exploits appear to exist for now), which allows url links to call the "Help viewer" application and execute arbitrary code on the users mac.

Here's a good link:
http://www.jayallen....l_security_flaw

* It's not a browser specific problem
* The problem is that "help:" urls get sent to the "Help Viewer" which executes code
* The best solution appears to be to remap "help" calls to some other application http://www.monkeyfoo...e/moreInternet/ and http://www.clauss-ne...fox/misfox.html can be used to do this.