[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-Disclosure] A Popup! In Mozilla!
- To: James Woodcock <spamtrap2@xxxxxxxxxxxxxxxx>
- Subject: Re: [Full-Disclosure] A Popup! In Mozilla!
- From: Xavier Beaudouin <kiwi@xxxxxxx>
- Date: Wed, 21 Jul 2004 11:38:25 +0200
Le 21 juil. 04, à 06:13, James Woodcock a écrit :
This might seem like it should be going to a webdev list, but there's
a possible security implication, so here goes;
http://2-spyware.com/file-cnfrm-exe.html
In Mozilla 1.5 and FireFox 0.9 with the pop-up blocker turned on, I
get a pop-up! It's purporting to be an important notice from my
Network Administrator - you'll probably recognise it;
http://2-spyware.com/images/2SPYRR1C.gif
Looking at the source of the page, I see that the pop-up is being
generated by a <DIV> statement that comes after the closing </html>
tag which - I thought - was supposed to indicate the end of the
document.
This is not a popup as you think it is... It is plain <div></> html
with html layers.
In fact you have think it is a popup because it looks like a Windows XP
dialog box. For example on other OS (OS X, Linux, W2k, .... whatever)
you see that this dialog box is not from browser but a fake one...
This kind of ads with layers are more and more common... See Lycos
webhosting for example, all ads are shown like this...
/Xavier
--
Xavier Beaudouin - Unix System Administrator & Projects Leader.
President of Kazar Organization : http://www.kazar.net/
Please visit http://caudium.net/, home of Caudium & Camas projects
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html