MOAB 7 (and 6)


Landon Fuller

Jan 7, 2007, 2:31:09 PM
to moab...@googlegroups.com
http://projects.info-pull.com/moab/MOAB-07-01-2007.html

I'm thinking patch -[WebFrameBridge
runJavaScriptAlertPanelWithMessage:], with % escaping, same as
Finlay's iPhoto fix.

Also, I have a fix put together for MOAB 6, but I'd really like some
code review; I'll post the patch in a bit.

-landonf


Landon Fuller

Jan 7, 2007, 2:52:08 PM
to moab...@googlegroups.com

On Jan 7, 2007, at 11:31 AM, Landon Fuller wrote:

> http://projects.info-pull.com/moab/MOAB-07-01-2007.html
>
> I'm thinking patch -[WebFrameBridge
> runJavaScriptAlertPanelWithMessage:], with % escaping, same as
> Finlay's iPhoto fix.

Er, -[OWTab(WebUIDelegate) webView:runJavaScriptAlertPanelWithMessage:]
Rosyna pointed out that WebFrameBridge is in WebKit.

-landonf



Finlay Dobbie

Jan 7, 2007, 3:15:27 PM
to moab...@googlegroups.com

And as further clarification, this issue is specific to OmniWeb - it
is not "actually breaking WebKit" as claimed in the advisory. Shiira
is also not vulnerable, fwiw.

-- Finlay

mart...@gmail.com

Jan 7, 2007, 11:10:07 PM
to MOAB Fixes
really tired of this BS, again this is not an Apple bug.

MOAB = MOB = a thousand other bugs in this category.

he is not sticking to his original concept.

Rosyna

Jan 7, 2007, 11:13:56 PM
to moab...@googlegroups.com, mart...@gmail.com
You assume there was an original coherent concept and that they had a
plan that matched your expectations. ;-)

Ack, at 1/7/07, mart...@gmail.com said:

>he is not sticking to his original concept.

--


Sincerely,
Rosyna Keller
Technical Support/Carbon troll/Always needs a hug

Unsanity: Unsane Tools for Insanely Great People

It's either this, or imagining Phil Schiller in a thong.

Eric Hall

Jan 8, 2007, 12:18:38 AM
to moab...@googlegroups.com

And OmniWeb 5.5.2 (released today I believe) is not vuln. to
MOAB 7. 5.5.2-beta4 was (tried it first).


-eric

Eric Hall

Jan 8, 2007, 12:30:16 AM
to moab...@googlegroups.com
On Mon, Jan 08, 2007 at 05:18:38AM +0000, Eric Hall wrote:
[snip]

>
> And OmniWeb 5.5.2 (released today I believe) is not vuln. to
> MOAB 7. 5.5.2-beta4 was (tried it first).
>

And now I see I'm *way* behind for the day.

Nothing to see here, move along, move along.


missileboat

Jan 8, 2007, 2:33:44 AM
to MOAB Fixes
{yawn} So where are the super nasty bugs? All I am seeing so far are
cute, fuzzy willy worms that likewise get run over by a car soon after
setting foot on the road...

Steven

Jens Ayton

Jan 8, 2007, 7:00:05 AM
to moab...@googlegroups.com
martijn.s:

>
> really tired of this BS, again this is not an Apple bug.
>
> MOAB = MOB = a thousand other bugs in this category.
>
> he is not sticking to his original concept.

MoAB FAQ #3 (http://projects.info-pull.com/moab/):

Are Apple products the only one target of this initiative?

Not at all, but they are the main focus. We'll be looking over
popular OS X applications as well.

The threshold for "popular" as it relates to OmniWeb, VLC and Adobe
Reader is of course open to debate. :-)

However, I think Adobe Reader < 8 is quite likely to be widely
deployed, because:
a) Typical users are likely to believe web sites that say they "need"
Adobe Reader to read PDFs.
b) Typical users tend to ignore/avoid/fear updates.
c) Typical users suffer from significant inertia, and many are used to
Adobe Reader/Acrobat.

On the other paw, this category of users are unlikely to be applying
third-party bug-fix APEs.

As a side note, it's pretty obvious, but I haven't noticed anyone
mentioning it, so: PDF parsing bugs affecting Adobe Reader are likely to
affect Acrobat (pro) and quite likely other Adobe apps, too.


--
Jens Ayton

Sed quis custodiet ipsos custodes?
