[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-Disclosure] A Popup! In Mozilla!
- To: full-disclosure@xxxxxxxxxxxxxxxx
- Subject: Re: [Full-Disclosure] A Popup! In Mozilla!
- From: John Dowling <greyhatthe2nd@xxxxxxxxx>
- Date: Tue, 20 Jul 2004 22:52:58 -0700 (PDT)
James,
That's a natural workaround to allow the site to
continue to generate impressions of popups they sell.
This <div> tag allows a 'chromeless window' to appear
at z-index 3, floating above the normal browser
window. As this image is a capture from a winXP box
with default color scheme, this trick does not appear
tricky at all on other systems.
What does suck, however, about this method of delivery
(besides getting an ad at all) is that one must hope
that there is a legitimate 'close'(hide) method
somewhere within the <div>, else we are left with the
'popup'.
People like myself, that already have blocked the site
serving the content (using HOSTS) are, well, hosed.
/jd
--------------------------------------------------------------------------------
Show full headers : From: James Woodcock
<spamtrap2@xxxxxxxxxxxxxxxx> [+] [ ]
To: Full Disclosure <full-disclosure@xxxxxxxxxxxxxxxx>
[+]
Subject: [Full-Disclosure] A Popup! In Mozilla! [ ]
Date: Wed, 21 Jul 2004 14:13:09 +1000
--------------------------------------------------------------------------------
This might seem like it should be going to a webdev
list, but there's a
possible security implication, so here goes;
http://2-spyware.com/file-cnfrm-exe.html
In Mozilla 1.5 and FireFox 0.9 with the pop-up blocker
turned on, I get
a pop-up! It's purporting to be an important notice
from my Network
Administrator - you'll probably recognise it;
http://2-spyware.com/images/2SPYRR1C.gif
Looking at the source of the page, I see that the
pop-up is being
generated by a <DIV> statement that comes after the
closing </html> tag
which - I thought - was supposed to indicate the end
of the document.
Is a web browser supposed to be able to render code
outside the
<html></html> tags?
Using IE 6.0.2800.1106, on viewing the source, I find
that the DIV
statement that followed the closing </html> tag is now
the last
statement BEFORE the </html> tag. What gives?
James
_______________________________________________
Full-Disclosure - We believe in it.
Charter:
http://lists.netsys.com/full-disclosure-charter.html
__________________________________
Do you Yahoo!?
Vote for the stars of Yahoo!'s next ad campaign!
http://advision.webevents.yahoo.com/yahoo/votelifeengine/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html