[Author Prev][Author Next][Thread Prev][Thread Next][Author Index][Thread Index]

Re: Warnings on the download page (Re: QuickJava update req)



Thus spake light zoo (lightzook@xxxxxxxxx):

> 
> --- Mike Perry <mikepery@xxxxxxxxxx> wrote:
> 
> > Perhaps he would be amenable to fixing his
> > extension against moore's on-the-fly HTML
> > generation.  However his email address is not
> > listed on the author page :(
> 
> Well it looks like Mr. Greene prefers to receive
> feature requests on his blog, not email.  He seems
> very open to feature requests and suggestions:
> 
> Quote Mr. Green:
> --
> Please leave comments for feature requests here to be
> considered.
> --
> 
> Mr. Green's blog entry page:
> http://www.blogger.com/comment.g?blogID=17969172&postID=112982970672088922

Yeah, I left a feature request for him. 
http://quickjavaplugin.blogspot.com/2006/12/features-requested.html

On further investigation his plugin seems to rely on the Firefox
setting 'security.enable_java', so perhaps he would have direct
ability in fixing this bug.. But on the plus side, maybe the fact that
this setting is under 'security' and can still be bypassed will
warrant prompt response from the Firefox team.. I'm probably occupied
for today.. If anyone wants to test this option for firefox 1.5 and
2.0 latest with moore's page please do so and post here. Note it's
hard to tell if the applet is running. You probably have to use
wireshark and filter on udp while hitting the page with tor disabled.
The udp packet is to red.metasploit.com. It is easy to see with a
filter of 'udp'.


-- 
Mike Perry
Mad Computer Scientist
fscked.org evil labs