Marine wrote: > <object type="text/html" data="jar:<%= > request.getContextPath()%>/js/jsAvecPrivileges.jar!/jsUtilsAvecPrivileges.html" > > width="0px" height="0px" name="jsUtilsAvecPrivileges"> > </object> ... > I wonder if this could be due to vulnerability correction in Firefox > 2.0.0.15 : http://www.mozilla.org/security/announce/2008/mfsa2008-23.html
Yes. What you were doing before was exploitable. > ==> But now, how can I get it work again ? Either put all your code into a signed jar, or put the parts that need privileges into an extension and communicate with it from your untrusted code using events or whatnot. In Fx3 you can also use window.postMessage, but that won't help with Fx2. -Boris _______________________________________________ dev-security mailing list [email protected] https://lists.mozilla.org/listinfo/dev-security
