[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Full-Disclosure] A Popup! In Mozilla!
- To: John Dowling <greyhatthe2nd@xxxxxxxxx>
- Subject: Re: [Full-Disclosure] A Popup! In Mozilla!
- From: Charles Richmond <cmr@xxxxxxxx>
- Date: Wed, 21 Jul 2004 18:17:09 -0400
On Jul 21, 2004, at 4:56 PM, John Dowling wrote:
I disagree.
Initially, the image used in that popup actually comes
from a different server, but that's trivial. What I
see as a bigger issue is that blocking the image from
the server leaves the user with an empty div block
covering the page, and blocking the site serving the
div content could essentially render the div
'uncloseable'. Of course, this is more along the
lines of browseability, and does not seem to have any
very obvious security implications above and beyond
what can be served via a page without the annoying
<div>.
You have a good point so I went back to take a look. There
are 2 factors that ameliorate that issue. The first is that I
am unlikely to want to click through on a page that is doing
that and even less likely to want my users to do so :) The
second is that the "Nuke Anything" Firefox extension was
able to remove the <div> with a simple right-click -> remove
Charles Richmond
Implemented Integrated Systems Corporation http://www.iisc.com
O/S, I18N, Systems Development, Process and Integration Providers
cmr@xxxxxxxx cmr@xxxxxxx YIM:cmriisc http://www.iisc.com/cmr
7B West St., Somerville, Ma. USA 02144 (781) 389 9777
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html