Closed
Bug 243873
Opened 21 years ago
Closed 21 years ago
Seem to be able to launch Help.app and run a script with a URL like 'help:runscript=...',
Categories
(Camino Graveyard :: OS Integration, defect)
Tracking
(Not tracked)
VERIFIED
DUPLICATE
of bug 243699
People
(Reporter: mark, Assigned: mikepinkerton)
Details
User-Agent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.8a) Gecko/20040517 Camino/0.7+
Build Identifier: Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.8a) Gecko/20040517 Camino/0.7+
I was reading apple.slashdot.org (see url in additional information) and Camino
seems to be able to run "help:runscript=...'"
like help:runscript=../../Scripts/Info Scripts/Current Date & Time.scpt
Reproducible: Always
Steps to Reproduce:
1.Paste URL:"help:runscript=../../Scripts/Info Scripts/Current Date & Time.scpt"
2.Press return
Actual Results:
See Date and time in help app.
I read about "vulnerability has been found in Mac OS X's Safari, which will
launch Help.app and run an arbitrary script with a URL like 'help:runscript=...', "
http://apple.slashdot.org/apple/04/05/17/1646216.shtml?tid=126&tid=172&tid=179&tid=185&tid=190
and "Serious Security Flaw in Mac OS X/Safari/Help Viewer"
http://forums.macnn.com/showthread.php?%20s=&threadid=213043&perpage=50&pagenumber=1
|
Assignee | |
Comment 1•21 years ago
|
||
this should have been fixed by 243699, reporter can you verify?
*** This bug has been marked as a duplicate of 243699 ***
Status: UNCONFIRMED → RESOLVED
Closed: 21 years ago
Resolution: --- → DUPLICATE
Summary: Seem to be able to launch Help.app and run a script with a URL like 'help:runscript=...', → Seem to be able to launch Help.app and run a script with a URL like 'help:runscript=...',
|
Reporter | |
Comment 2•21 years ago
|
||
Tested "help:runscript=../../Scripts/Info Scripts/Current Date & Time.scpt"
with 0.8b 2004051715 - date and time still show.
Status: RESOLVED → VERIFIED
You need to log in
before you can comment on or make changes to this bug.
Description
•