lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Message-ID: <200407210620.36039.dhill+fulldisc@cricalix.net>
From: dhill+fulldisc at cricalix.net (Duncan Hill)
Subject: A Popup! In Mozilla!

On Wednesday 21 July 2004 05:13, James Woodcock wrote:
> This might seem like it should be going to a webdev list, but there's a
> possible security implication, so here goes;
>
> http://2-spyware.com/file-cnfrm-exe.html
>
> In Mozilla 1.5 and FireFox 0.9 with the pop-up blocker turned on, I get
> a pop-up! It's purporting to be an important notice from my Network
> Administrator - you'll probably recognise it;

Not a popup in the traditional sense, merely a DIV layer that sits above the 
main page content.  Konqueror loads it too, but gets the rendering levels 
slightly wrong (or right) and the page just looks a bit wrong.

Traditional popups are created with javascript, which is what the popup 
blockers look for (afaik) - window.open.

> Is a web browser supposed to be able to render code outside the
> <html></html> tags?

I don't think they're meant to, but many of them do anyway.

As for IE - IE does weird shit with pages.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ