Warnings on the download page (Re: QuickJava update req)

Mike Perry mikepery at fscked.org
Thu Mar 8 20:27:45 UTC 2007


Thus spake light zoo (lightzook at yahoo.com):

> 
> --- Mike Perry <mikepery at fscked.org> wrote:
> 
> > Perhaps he would be amenable to fixing his
> > extension against moore's on-the-fly HTML
> > generation.  However his email address is not
> > listed on the author page :(
> 
> Well it looks like Mr. Greene prefers to receive
> feature requests on his blog, not email.  He seems
> very open to feature requests and suggestions:
> 
> Quote Mr. Green:
> --
> Please leave comments for feature requests here to be
> considered.
> --
> 
> Mr. Green's blog entry page:
> http://www.blogger.com/comment.g?blogID=17969172&postID=112982970672088922

Yeah, I left a feature request for him. 
http://quickjavaplugin.blogspot.com/2006/12/features-requested.html

On further investigation his plugin seems to rely on the Firefox
setting 'security.enable_java', so perhaps he would have direct
ability in fixing this bug.. But on the plus side, maybe the fact that
this setting is under 'security' and can still be bypassed will
warrant prompt response from the Firefox team.. I'm probably occupied
for today.. If anyone wants to test this option for firefox 1.5 and
2.0 latest with moore's page please do so and post here. Note it's
hard to tell if the applet is running. You probably have to use
wireshark and filter on udp while hitting the page with tor disabled.
The udp packet is to red.metasploit.com. It is easy to see with a
filter of 'udp'.


-- 
Mike Perry
Mad Computer Scientist
fscked.org evil labs



More information about the tor-talk mailing list