On Fri, Aug 24, 2007 at 11:03:49AM +0100, Dan Hatton wrote:
The fact that this happens at all, though, means that an x client running on machine A can tell an x client running on machine B to open a new tab/window pointing at a URL chosen by the client on machine A - even though the x server may be on A or B, or indeed on a third machine C. Does anyone have a view as to the security implications of this?
Yes, I knew about this aspect of Netscape/Mozilla/Firefox and it was something that used to cause me hassle at work. Linux on desktop machine and, of course, I had Firefox running there. If you then have a terminal window open on a Sun machine (our development target) and run Firefox it simply opens a new tab in the Linux one. Since the Linux firefox was often running on a different desktop it was very easy to miss it completely and think the your Firefox had been lost.
There's a way of preventing this different from what was given here, use the -no-remote command line option or set MOZ_NO_REMOTE in your environment.
However this doesn't really bear directly on my problem where I'm trying to run Firefox on a different system and a different DISPLAY, it just happens to have the same configuration files.