Hacker News

Because they already have the run of the user's profile. Why add additional complexity for less access?


Because you may have had zero access rather than some, for example a web dev who wouldn't click on an .exe but would open an .html file without a second thought. More access isn't necessarily always the end goal either.


If someone is knowledgeable enough to not open a shady exe file, they'll probably not simply open any shady files, including doc, ppt, and html.


Nah, people are dumb (exhibit A: myself) and overly trusting of parsers/sandboxes.


Not true for html files. They are widely regarded as harmless.


I have never seen anyone saying HTML files are harmless, and would definitely never say it myself.



