Comments on: chrome protocol directory traversal

By: bob

bob — Thu, 24 Jan 2008 20:59:39 +0000

clicking on a link in Thunderbird to open in Firefox does not work – I have to manually drag it onto Firefox.

what do I do to fix it?

Is it due to this newly discovered problem and what do I do to prevent it?

if a registry issue, where at in the registry would it be?

would reinstall of both Thunderbird and Firefox cause me to loose my settings and data?

Thank you

By: mike

mike — Thu, 24 Jan 2008 15:24:28 +0000

NoScript is useless because you can exploit this flaw with a plain HTML code without using javascript: a simple chrome link is enough to exploit this flaw to steal data!

By: Giorgio Maone

Giorgio Maone — Wed, 23 Jan 2008 17:46:51 +0000

The NoScript extension prevents chrome: URIs from being loaded as scripts in content pages, effectively making this bug unexploitable no matter if the page is trusted or not.