- From: Seth Brown <learc83@gmail.com>
- Date: Wed, 29 Dec 2010 12:18:23 -0500
"unless you've changed security related settings." How is that any different from the proposal? Accessing the device tag should require user consent--the same as changing "security related settings." On Wed, Dec 29, 2010 at 12:04 PM, Jonas Sicking <jonas at sicking.cc> wrote: > On Wed, Dec 29, 2010 at 6:48 AM, Diego Perini <diego.perini at gmail.com> wrote: >> Hmmm... >> >> I can currently read incoming RS232 and USB data in my OS X using >> Firefox 3.6.13 and the "file:" protocol: >> >> ? file:///dev/tty.BT-GPS010B62-SerialPort >> >> do I have an insecure system ? An insecure browser ? > > Can you do that from a webpage served from a http server? Can you do > that from a HTML file saved to your desktop? Can you do that from a > HTML file saved anywhere else on your filesystem? > > For firefox, the answer should be "no" in all three cases, unless > you've changed security related settings. Thus the answer to your > questions should be "no". Definitely file a bug on Firefox > (bugzilla.mozilla.org) if that isn't the case. > > / Jonas >
Received on Wednesday, 29 December 2010 09:18:23 UTC