From owner-freebsd-questions@FreeBSD.ORG Fri Jul 6 00:41:57 2012 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 00A811065670 for ; Fri, 6 Jul 2012 00:41:57 +0000 (UTC) (envelope-from jhs@berklix.com) Received: from tower.berklix.org (tower.berklix.org [83.236.223.114]) by mx1.freebsd.org (Postfix) with ESMTP id 463978FC0A for ; Fri, 6 Jul 2012 00:41:55 +0000 (UTC) Received: from park.js.berklix.net (p5DCBE665.dip.t-dialin.net [93.203.230.101]) (authenticated bits=0) by tower.berklix.org (8.14.2/8.14.2) with ESMTP id q660flnM014909; Fri, 6 Jul 2012 00:41:48 GMT (envelope-from jhs@berklix.com) Received: from fire.js.berklix.net (fire.js.berklix.net [192.168.91.41]) by park.js.berklix.net (8.14.3/8.14.3) with ESMTP id q660gLuq008428; Fri, 6 Jul 2012 02:42:21 +0200 (CEST) (envelope-from jhs@berklix.com) Received: from fire.js.berklix.net (localhost [127.0.0.1]) by fire.js.berklix.net (8.14.4/8.14.4) with ESMTP id q660g65c082363; Fri, 6 Jul 2012 02:42:11 +0200 (CEST) (envelope-from jhs@fire.js.berklix.net) Message-Id: <201207060042.q660g65c082363@fire.js.berklix.net> To: Carsten Mattner From: "Julian H. Stacey" Organization: http://berklix.com BSD Unix Linux Consultancy, Munich Germany User-agent: EXMH on FreeBSD http://berklix.com/free/ X-URL: http://www.berklix.com In-reply-to: Your message "Fri, 06 Jul 2012 00:28:32 +0200." Date: Fri, 06 Jul 2012 02:42:06 +0200 Sender: jhs@berklix.com Cc: Wojciech Puchar , freebsd-questions@freebsd.org Subject: Re: FreeBSD vs Hurd what is the differences? X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 06 Jul 2012 00:41:57 -0000 Hi, Reference: > From: Carsten Mattner > Date: Fri, 6 Jul 2012 00:28:32 +0200 > Message-id: Carsten Mattner wrote: > On Thu, Jul 5, 2012 at 4:39 PM, Wojciech Puchar > wrote: > >>> As for reading anything else than internal firefox data it is not > >>> possible > >>> except very basic bug is there. > >> > >> > >> Yes otherwise all the flash sites would have gathered files from local > >> disks. > > > > > > true. javascript activity is sandboxed. But within that sandbox there are > > million bugs. > > > > i've already seen trojans that completely took control over firefox. > > But - in spite it was windoze - ONLY firefox. Everything else was fine. > > > > Deleting firefox user data removed the trojan. > > Nothing is impossible at that complexity. > > I'd still like to know what Julian saw as you didn't see that. > Did it really contain a script which made it fetch random files from the > local disk? I don't know. I wrote how I obtained the data patern I saw, in my: > Message-id: <201207050936.q659aWCI016222@fire.js.berklix.net> > Date: Thu, 05 Jul 2012 11:36:32 +0200 Others very welcome to try it. > Julian? > Which Firefox version? Mozilla/5.0 (X11; FreeBSD amd64; rv:9.0.1) Gecko/20100101 Firefox/9.0.1 > I am a little concerned. Me too ! Not had tme to pursued it though. & I dont feel like exporting that data public in case its already gone too far. I suggest others create a dummy guest account & then accesss URL & do page save as I wrote. > > >> There are some new Browser APIs which allow you to create files and > >> only the site that created and owns the file may access it. > > > > From what version? > > http://people.mozilla.com/~tglek/velocity2012/ > https://wiki.mozilla.org/WebAPI/FileHandleAPI > Planned as a supplement or replacement for IndexedDb it seems. Cheers, Julian -- Julian Stacey, BSD Unix Linux C Sys Eng Consultants Munich http://berklix.com Reply below not above, cumulative like a play script, & indent with "> ". Format: Plain text. Not HTML, multipart/alternative, base64, quoted-printable. Mail from @yahoo dumped @berklix. http://berklix.org/yahoo/