Off-Topic :  K-Meleon Forum
All which isn't K-Meleon related. 
Chatzilla module Vulnerable?
Posted by: ndebord
Date: February 07, 2010 10:40AM

This FireFox Chatzilla exploit is talked about in MozillaZine

http://www.theregister.co.uk/2010/01/30/firefox_interprotocol_attack/

N

Options: ReplyQuote
Re: Chatzilla module Vulnerable?
Posted by: desga2
Date: February 07, 2010 06:26PM

NO problem for K-Meleon, we aren't used the Chatzilla IRC module. smiling smiley

K-Meleon in Spanish



Edited 1 time(s). Last edit at 02/07/2010 06:26PM by desga2.

Options: ReplyQuote
Re: Chatzilla module Vulnerable?
Posted by: ndebord
Date: February 07, 2010 11:39PM

Quote
desga2
NO problem for K-Meleon, we aren't used the Chatzilla IRC module. smiling smiley

desga2,

Alain earlier on and Disrupted now have put up Chatzilla for use with KM.

http://kmext.sourceforge.net/ext2.htm

I'm using it as we speak! <wry grin>

N

Options: ReplyQuote
Re: Chatzilla module Vulnerable?
Posted by: desga2
Date: February 08, 2010 12:46AM

mmmmm... extensions, Who need it? tongue sticking out smiley

K-Meleon in Spanish

Options: ReplyQuote
Re: Chatzilla module Vulnerable?
Posted by: disrupted
Date: February 08, 2010 01:54AM

Quote
desga2
mmmmm... extensions, Who need it? tongue sticking out smiley
grinning smiley
but i need this one: bugmenot-auto registeration( super thanks to matt, now i can spam and post obscenities in the honDUH-acura forums grinning smiley)

ok,seriously..that chatzilla bug has no affect on kmeleon because it will only activate when clicking on explioted irc hyper addresses and when the irc protocol is registered to chatzilla inside the browser

e.g like this address:
irc://freenodes.net/blahblah#freebsd

the above address on firefox with chatzilla will trigger chatzilla window to connect to that channel and enter the room.. but this will not happen in kmeleon with chatzilla

when chatzilla is installed in firefox, the protocol is registered at once to chatzilla and that's where the exploit lies so a site can be coded to include a bogus irc protocol that opens chatzilla to do nasty stuff
when chatzilla was ported to kmeleon the protocol registration was eliminated... to be honest, it wasn't removed because of a foresight of such a vulnerability but because it was too hard to register in kmeleon due to lack of certain services and not really useful so chatzilla can only be opened manually in kmeleon from its menu command and therefore that vulnerability does not exist at all on km+chatzilla

instant relaxation:
http://home.htp-tel.de/sterntaler/index1.html
fireworks @ ikenhatu pond +cours des choses
thank you gunter

Options: ReplyQuote
Re: Chatzilla module Vulnerable?
Posted by: ndebord
Date: February 08, 2010 03:53AM

Quote
desga2
mmmmm... extensions, Who need it? tongue sticking out smiley

desga2,

Funny Guy!!!

I guess you're moving to Chrome next, no???

<g,d&r>

N

Options: ReplyQuote
Re: Chatzilla module Vulnerable?
Posted by: ndebord
Date: February 08, 2010 03:54AM

Quote
disrupted
Quote
desga2
mmmmm... extensions, Who need it? tongue sticking out smiley
grinning smiley
but i need this one: bugmenot-auto registeration( super thanks to matt, now i can spam and post obscenities in the honDUH-acura forums grinning smiley)

ok,seriously..that chatzilla bug has no affect on kmeleon because it will only activate when clicking on explioted irc hyper addresses and when the irc protocol is registered to chatzilla inside the browser

e.g like this address:
irc://freenodes.net/blahblah#freebsd

the above address on firefox with chatzilla will trigger chatzilla window to connect to that channel and enter the room.. but this will not happen in kmeleon with chatzilla

when chatzilla is installed in firefox, the protocol is registered at once to chatzilla and that's where the exploit lies so a site can be coded to include a bogus irc protocol that opens chatzilla to do nasty stuff
when chatzilla was ported to kmeleon the protocol registration was eliminated... to be honest, it wasn't removed because of a foresight of such a vulnerability but because it was too hard to register in kmeleon due to lack of certain services and not really useful so chatzilla can only be opened manually in kmeleon from its menu command and therefore that vulnerability does not exist at all on km+chatzilla

instant relaxation:
http://home.htp-tel.de/sterntaler/index1.html
fireworks @ ikenhatu pond +cours des choses
thank you gunter

disrupted,

Very good... accidental security provided by KM once again! <VBG>

N

Options: ReplyQuote


K-Meleon forum is powered by Phorum.