Insomnia Security Advisories: Pidgin IM Insecure URL Handling Vulnerability

Paul Aurich paul at
Sat Jul 23 02:28:19 EDT 2011

And Daniel Atallah spoke on 07/22/2011 06:55 PM, saying:
> It doesn't seem reasonable for us to try to evaluate and decide what is
> safe or not for each scheme - we're going to get it wrong or be overly
> restrictive - this is a problem that the browser folks have clearly
> had to spend a lot of time thinking about, so why wouldn't we leverage
> that work?
> To be clear, I'm not suggesting that the current file:// handling
> isn't a problem.
> Am I completely off base here?

No.  I think we're in agreement on this.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 900 bytes
Desc: OpenPGP digital signature
URL: <>

More information about the security mailing list