xfce 4.4.2 test packages ready
Eren Türkay
turkay.eren at gmail.com
Sun Nov 18 08:47:33 CET 2007
On Sunday 18 November 2007 09:30:18 Brian J. Tarricone wrote:
> 1. I disagree with their severity rating of 'High'. An attacker has
> to a) somehow get a URL to display in Terminal, which is difficult (I
> don't imagine too many people run a text-mode web browser or interact
> with *too* much untrusted data in a terminal), and then, the user has
> to middle-click on it (not just click; middle-click), which is of
> rather low to medium probability. Note that the kinds of people who
> are foolish enough to click on links of that nature are not the kinds
> of people who would end up using Terminal all that much. Yes, it
> should be fixed. Is it that big a deal? No.
If user is using "irssi" or "weechat" with Terminal and someone gives an url
which is confusing like "http://foo/bar.php?some=s&{rm -rf ~/}, how a user
can be aware of this?
Is it a big deal? *Exactly* Yes!
More information about the Xfce4-dev
mailing list