Date: Fri, 6 Jul 2012 14:47:43 +0200 From: Carsten Mattner <carstenmattner@gmail.com> To: "Julian H. Stacey" <jhs@berklix.com> Cc: Wojciech Puchar <wojtek@wojtek.tensor.gdynia.pl>, freebsd-questions@freebsd.org Subject: Re: FreeBSD vs Hurd what is the differences? Message-ID: <CACY%2BHvrtMC6mHOPN%2BVeFa3vVCURYn0bGc0DifMKS2%2BOot=Td6A@mail.gmail.com> In-Reply-To: <201207060042.q660g65c082363@fire.js.berklix.net> References: <CACY%2BHvpb08W4bJgucJb1ghVf-JgPZs0869qVxFrYRtXEF917wA@mail.gmail.com> <201207060042.q660g65c082363@fire.js.berklix.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Fri, Jul 6, 2012 at 2:42 AM, Julian H. Stacey <jhs@berklix.com> wrote: > Hi, > Reference: >> From: Carsten Mattner <carstenmattner@gmail.com> >> Date: Fri, 6 Jul 2012 00:28:32 +0200 >> Message-id: <CACY+Hvpb08W4bJgucJb1ghVf-JgPZs0869qVxFrYRtXEF917wA@mail.gmail.com> > > Carsten Mattner wrote: >> On Thu, Jul 5, 2012 at 4:39 PM, Wojciech Puchar >> <wojtek@wojtek.tensor.gdynia.pl> wrote: >> >>> As for reading anything else than internal firefox data it is not >> >>> possible >> >>> except very basic bug is there. >> >> >> >> >> >> Yes otherwise all the flash sites would have gathered files from local >> >> disks. >> > >> > >> > true. javascript activity is sandboxed. But within that sandbox there are >> > million bugs. >> > >> > i've already seen trojans that completely took control over firefox. >> > But - in spite it was windoze - ONLY firefox. Everything else was fine. >> > >> > Deleting firefox user data removed the trojan. >> >> Nothing is impossible at that complexity. >> >> I'd still like to know what Julian saw as you didn't see that. >> Did it really contain a script which made it fetch random files from the >> local disk? > > I don't know. > I wrote how I obtained the data patern I saw, in my: Fair enough :). >> Message-id: <201207050936.q659aWCI016222@fire.js.berklix.net> >> Date: Thu, 05 Jul 2012 11:36:32 +0200 > > Others very welcome to try it. Of course. >> Julian? > >> Which Firefox version? > > Mozilla/5.0 (X11; FreeBSD amd64; rv:9.0.1) Gecko/20100101 Firefox/9.0.1 I don't want to be that guy whos says it but that version is old and may contain widely known holes. >> I am a little concerned. > > Me too ! > Not had tme to pursued it though. > & I dont feel like exporting that data public > in case its already gone too far. You don't have to export it at all. Can you confirm the data within is the same as say the same file in /etc or ~/.ssh? If that's really the case, it's a problem. > I suggest others create a dummy guest account & then accesss URL & do > page save as I wrote.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?CACY%2BHvrtMC6mHOPN%2BVeFa3vVCURYn0bGc0DifMKS2%2BOot=Td6A>