I just started regularly using the current trunk builds of Thunderbird and
Seamonkey, and was surprised by the fact that
I was unable to open an mp3 file that was included either as an attachment or
as inline content.
Not sure when this started, but surely is bothersome to have to first save the
ot;>
Seamonkey will launch a Fullscreen window in the browser, even N4.x accepts the
code.
I didn't expect Thunderbird to over-ride the messagepane window, but did expect
my default (Firefox)
to be called.
Is there a pref or a workaround to enable the script to work, or perhaps a pref
concerned about here.
JoeS
___
dev-security mailing list
dev-security@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security
James Ross wrote:
JoeS wrote:
Unfortunately, if the user.js file is removed, the policy stays in
effect. And where are the particulars of the policy stored, I don't
see them anywhere. My point is, if I set a policy, how do I reverse or
modify the policy, short of creating a new pr
//secnews.netscape.com
news://news.mozilla.org news://news.leibowitz.org";);
user_pref("capability.policy.policynames", "allowjs");
Unfortunately, if the user.js file is removed, the policy stays in
effect. And where are the particulars of the
Boris Zbarsky wrote:
JoeS wrote:
Mail and news have very different security needs IMHO
That may well be. Might be worth filing a bug on that. I suspect the
default configuration would still have the same prefs set for both of
them, though...
-Boris
https://bugzilla.mozilla.org
Boris Zbarsky wrote:
JoeS wrote:
Yes, but only if you know that default policies have been violated.
Er... you can set up policies even if nothing has been violated.
I think at least an alert should be done here
So a site can go into an endless alert loop by violating a security
policy
Boris Zbarsky wrote:
JoeS wrote:
Unfortunately, "this does not work" equates to "this software is not
capable" for most users. Let the user know when pref controlled
capabilities are violated at least.
Feel free to suggest UI for this. I don't see
capable of, for the
sake of security, and let the user decide.
JoeS
___
dev-security mailing list
dev-security@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security
