| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <B5261F1A-DB63-11D8-8598-000A959D1CB2@iisc.com>
From: cmr at iisc.com (Charles Richmond)
Subject: A Popup! In Mozilla!
On Jul 21, 2004, at 4:56 PM, John Dowling wrote:
> I disagree.
>
> Initially, the image used in that popup actually comes
> from a different server, but that's trivial. What I
> see as a bigger issue is that blocking the image from
> the server leaves the user with an empty div block
> covering the page, and blocking the site serving the
> div content could essentially render the div
> 'uncloseable'. Of course, this is more along the
> lines of browseability, and does not seem to have any
> very obvious security implications above and beyond
> what can be served via a page without the annoying
> <div>.
You have a good point so I went back to take a look. There
are 2 factors that ameliorate that issue. The first is that I
am unlikely to want to click through on a page that is doing
that and even less likely to want my users to do so :) The
second is that the "Nuke Anything" Firefox extension was
able to remove the <div> with a simple right-click -> remove
Charles Richmond
Implemented Integrated Systems Corporation http://www.iisc.com
O/S, I18N, Systems Development, Process and Integration Providers
cmr@...c.com cmr@....org YIM:cmriisc http://www.iisc.com/cmr
7B West St., Somerville, Ma. USA 02144 (781) 389 9777
Powered by blists - more mailing lists