On Sun, 15 Nov 2009 10:51:56 +0200 Yavor Doganov wrote: > Do I understand correctly that the proper fix for this vulnerability > is to disallow adding data:/javascript: URIs with Bookmarks -> Add to > bookmarks menu, preferrably informing the user with a dialog?
yes, that appears to be what the (as-yet unapplied) mozilla patch does. mike -- To UNSUBSCRIBE, email to debian-bugs-rc-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org