Re: How can you tell what this applet is doing ?

wylbur37 wrote: Do you know of any decompiler that would, in effect, convert a .class file back to a .java file? http://kpdus.tripod.com/jad.html#general ___ Mozilla-security mailing list Mozilla-security@mozilla.org

Re: Mozilla targeted malware in the wild

Robert Mohr wrote: It's not the default and never will be, but you can set 'xpinstall.enabled' to false in about:config. Or you go to edit/preferences/advanced/software installation and disable it there... ___ Mozilla-security mailing list [EMAIL

Re: Signed Script has no privileges

Christian Biesinger wrote: I tried out signed scripts today, and have some problems. Oh yeah, I tried one more thing, namely putting the test.html file on a SSL server, but that didn't seem to work either - same problems as with a non-ssl server.

Signed Script has no privileges

Hello! I tried out signed scripts today, and have some problems. Firstly, I have created a HTML file (see below) which does netscape.security.PrivilegeManager.enablePrivilege(UniversalXPConnect). Then I put it in the directory pref and called this command: ./signtool -kbiesi -Zpref.jar pref

Re: No anouncement that you're workin' on that serious bug?

Christian Schuglitsch wrote: I made the browsercheck at http://www.heise.de/ct/browsercheck/n6demo1.shtml with my 1.0 RC1 on Linux and could read all my files. True. This is fixed in the most recent nightly, however. Now give us that proof, how OpenSpource works and present us the RC2

Re: http referer over https connections

Mitchell Stoltz wrote: In general, you shouldn't write applications that depend on referrer headers, because user agents can always opt not to send them. ...or even send faked ones, so a referer is no real protection. -- They that can give up essential liberty to obtain a little temporary

Re: newbie security question

Beaumont Jones wrote: i just starting using mac mozilla 0.9.9. is the encryption for sending credit card info and that sort of stuff fairly secure? maybe this is a dumb question, as i never really asked it about internet explorer. thanks! The 128 bit SSL-encryption that's used for sending

Re: Protect Script Code

Paulo Lopes wrote: Is there a way to protect javascript code? No and there can't be. The browser must see the cleartext Javascript code to execute it, and if the browser can decode it, a user can as well. -- They that can give up essential liberty to obtain a little temporary safety deserve

Re: PGP 6.58 plugin?

ZZT wrote: Hi, as known PGP 6.58 dont brings plugins for netscape/mozilla. Is there something reliable that I can use for doing PGP? http://enigmail.mozdev.org might be what you want, but I do not know how reliable it works.