lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [day] [month] [year] [list] 
Message-ID: <40FFFECB.7000001@lava.net>
From: prb at lava.net (Peter Besenbruch)
Subject: multiple web browsers, multiple bugs - onUnload
 and location.href

Rudolf Polzer wrote:
> ...Try http://www.informatik.uni-frankfurt.de/~polzer/rbiclan/location
> 
> The page is SUPPOSED to prevent going to somewhere else by changing
> the URL back in onUnload (even that is already a reason to disable
> JavaScript).
> 
> The interesting part is: depending on browser, you see different bugs...
> 
> Mozilla, Netscape 7 or Firefox: almost works correctly. Except for two
> small bugs: View source shows the source of Google or where you TRIED
> to go to, while you SEE the unload-trap page. The other bug: when you
> close the browser window, onUnload is executed TWICE (you see two
> alert boxes, with the number increasing) and the new page is loaded,
> but not displayed. But the view-source bug somehow looks suspicious.
> Do other parts of Mozilla think it was another website too?

I ran Firefox 0.8 for Linux on KDE, and enabled all Javascript 
capabilities in my options for this test. I also run with the Tabbrowser 
Extensions set to open all clicked links in a new tab. I ran into what 
you described, with the exception that viewing the source of the 
original page and the links worked fine. The other links also opened 
properly in new tabs, with no alerts. One of the features of the 
Tabbrowser Extension that I appreciate is the ability to surf with 
Javascript disabled, but with the ability to activate it via a double 
click for those Web sites that need it.
________________________________________________________________

Hawaiian Astronomical Society: http://www.hawastsoc.org
HAS Deepsky Atlas: http://www.hawastsoc.org/deepsky

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ