Avast WEBforum
Other => General Topics => Topic started by: polonus on April 29, 2008, 09:27:14 PM
-
[tweak.firefox] Intercept e-mail URL exploits
On the Internet you may come across mailto:/ links. These links automatically start up your standard e-mail program when you (would) link to it. However these mailto:/ link could have security leaks so whatever command can be executed (eg. a format of C: disk in dos!). In Firefox here exists an option that makes you a bit more secure against these potential dangerous mailto:/ links.
In the address bar you now give in: "about:config" (without "")
Then you look in filter for "warn-external", and then with the other side of the mouse you click "network.protocol-handler.warn-external.mailto" and click to change the value would become to read true. In this case you will get a warning with the full URL and you can cancel the dangerous command in time. You could follow a similar procedure for "network.protocol-handler.warn-external.news" so usenet programs are not started by default with a possibly dangerous command,
polonus
-
btw these attached screenshots appear for me to be just mini previews ...
please use e.g. imageshack and IMG links ...
-
Hi Dwarden,
Here you go, click for enlargment,
pol
-
Hi polonus,
You seem to have another preference name there, network.protocol-handler.warn-external.file value = false.
That preference name it isn't in FF 2.0.0.14 is this a new value in a later beta version ?
I would have though that you would have set that to True also as running an external file would seem to pose a greater risk ?