Date: Fri, 06 Jul 2012 02:42:06 +0200 From: "Julian H. Stacey" <jhs@berklix.com> To: Carsten Mattner <carstenmattner@gmail.com> Cc: Wojciech Puchar <wojtek@wojtek.tensor.gdynia.pl>, freebsd-questions@freebsd.org Subject: Re: FreeBSD vs Hurd what is the differences? Message-ID: <201207060042.q660g65c082363@fire.js.berklix.net> In-Reply-To: Your message "Fri, 06 Jul 2012 00:28:32 %2B0200." <CACY%2BHvpb08W4bJgucJb1ghVf-JgPZs0869qVxFrYRtXEF917wA@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Hi, Reference: > From: Carsten Mattner <carstenmattner@gmail.com> > Date: Fri, 6 Jul 2012 00:28:32 +0200 > Message-id: <CACY+Hvpb08W4bJgucJb1ghVf-JgPZs0869qVxFrYRtXEF917wA@mail.gmail.com> Carsten Mattner wrote: > On Thu, Jul 5, 2012 at 4:39 PM, Wojciech Puchar > <wojtek@wojtek.tensor.gdynia.pl> wrote: > >>> As for reading anything else than internal firefox data it is not > >>> possible > >>> except very basic bug is there. > >> > >> > >> Yes otherwise all the flash sites would have gathered files from local > >> disks. > > > > > > true. javascript activity is sandboxed. But within that sandbox there are > > million bugs. > > > > i've already seen trojans that completely took control over firefox. > > But - in spite it was windoze - ONLY firefox. Everything else was fine. > > > > Deleting firefox user data removed the trojan. > > Nothing is impossible at that complexity. > > I'd still like to know what Julian saw as you didn't see that. > Did it really contain a script which made it fetch random files from the > local disk? I don't know. I wrote how I obtained the data patern I saw, in my: > Message-id: <201207050936.q659aWCI016222@fire.js.berklix.net> > Date: Thu, 05 Jul 2012 11:36:32 +0200 Others very welcome to try it. > Julian? > Which Firefox version? Mozilla/5.0 (X11; FreeBSD amd64; rv:9.0.1) Gecko/20100101 Firefox/9.0.1 > I am a little concerned. Me too ! Not had tme to pursued it though. & I dont feel like exporting that data public in case its already gone too far. I suggest others create a dummy guest account & then accesss URL & do page save as I wrote. > > >> There are some new Browser APIs which allow you to create files and > >> only the site that created and owns the file may access it. > > > > From what version? > > http://people.mozilla.com/~tglek/velocity2012/ > https://wiki.mozilla.org/WebAPI/FileHandleAPI > Planned as a supplement or replacement for IndexedDb it seems. Cheers, Julian -- Julian Stacey, BSD Unix Linux C Sys Eng Consultants Munich http://berklix.com Reply below not above, cumulative like a play script, & indent with "> ". Format: Plain text. Not HTML, multipart/alternative, base64, quoted-printable. Mail from @yahoo dumped @berklix. http://berklix.org/yahoo/
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201207060042.q660g65c082363>