General :
K-Meleon Web Browser Forum
IE7 and Firefox 2.0.0.1 cough up hard drive contents
Wonder if this demonstration exploit for Firefox 2.0.0.1 works for you.
The proof of concept failes with K-Meleon 1.02 on my system (w2k/SP4) even logged in as admin.
Edited 1 time(s). Last edit at 02/13/2007 04:27PM by Yogi.
K-Mel 1.02 fails vulnerability test here (Win XP Pro).
But ONLY when running as admin.
K-mel here is ALWAYS run under DMR (Drop My Rights), or Sandboxed.
This could only work with javascript enabled, which I have turned off by default,
except for a defined purpose. Most vulnerabilities appear only, when javascript or Active X scripts
open a door. Of course, surfing with a user account is equally important, to
avoid damages, as far as possible, and will not represent a big obstacle for comfortable
browsing.
Fred
No, here k-m 1.02 de-AT did nor fall for it with JS activated. It stopped after typing "C". I also had the same with Firefox with 1.5.0.9 engine.
IE 7 Standalone Install crashed
reproducable. In one case i had to reboot because it tore down explorer too.
Maybe system specific for all browsers? My XP is not on C:/; IE error is about path.
General discussion about K-Meleon
Vulnerability question
Posted by:
Yogi
Date: February 13, 2007 04:27PM
IE7 and Firefox 2.0.0.1 cough up hard drive contents
Wonder if this demonstration exploit for Firefox 2.0.0.1 works for you.
The proof of concept failes with K-Meleon 1.02 on my system (w2k/SP4) even logged in as admin.
Edited 1 time(s). Last edit at 02/13/2007 04:27PM by Yogi.
Re: Vulnerability question
Posted by:
Bob D
Date: February 13, 2007 06:10PM
K-Mel 1.02 fails vulnerability test here (Win XP Pro).
But ONLY when running as admin.
K-mel here is ALWAYS run under DMR (Drop My Rights), or Sandboxed.
Re: Vulnerability question
Posted by:
Fred
Date: February 14, 2007 06:13AM
This could only work with javascript enabled, which I have turned off by default,
except for a defined purpose. Most vulnerabilities appear only, when javascript or Active X scripts
open a door. Of course, surfing with a user account is equally important, to
avoid damages, as far as possible, and will not represent a big obstacle for comfortable
browsing.
Fred
Re: Vulnerability question
Posted by:
guenter
Date: February 15, 2007 04:53AM
No, here k-m 1.02 de-AT did nor fall for it with JS activated. It stopped after typing "C". I also had the same with Firefox with 1.5.0.9 engine.
IE 7 Standalone Install crashed
reproducable. In one case i had to reboot because it tore down explorer too.
Maybe system specific for all browsers? My XP is not on C:/; IE error is about path.
English