[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-Disclosure] A Popup! In Mozilla!

To: John Dowling <greyhatthe2nd@xxxxxxxxx>
Subject: Re: [Full-Disclosure] A Popup! In Mozilla!
From: Charles Richmond <cmr@xxxxxxxx>
Date: Wed, 21 Jul 2004 18:17:09 -0400

On Jul 21, 2004, at 4:56 PM, John Dowling wrote:

I disagree.

Initially, the image used in that popup actually comes
from a different server, but that's trivial.  What I
see as a bigger issue is that blocking the image from
the server leaves the user with an empty div block
covering the page, and blocking the site serving the
div content could essentially render the div
'uncloseable'.  Of course, this is more along the
lines of browseability, and does not seem to have any
very obvious security implications above and beyond
what can be served via a page without the annoying
<div>.


You have a good point so I went back to take a look. There
are 2 factors that ameliorate that issue. The first is that I
am unlikely to want to click through on a page that is doing
that and even less likely to want my users to do so :) The
second is that the "Nuke Anything"  Firefox extension was
able to remove the <div> with a simple right-click -> remove

Charles Richmond

      Implemented Integrated Systems Corporation  http://www.iisc.com
    O/S, I18N, Systems Development, Process and Integration Providers
    cmr@xxxxxxxx   cmr@xxxxxxx   YIM:cmriisc  http://www.iisc.com/cmr
           7B West St., Somerville, Ma. USA 02144  (781) 389 9777

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

References:
- RE: [Full-Disclosure] A Popup! In Mozilla!
  - From: John Dowling

Prev by Date: RE: [Full-Disclosure] IE
Next by Date: Re: [Full-Disclosure] IE
Previous by thread: RE: [Full-Disclosure] A Popup! In Mozilla!
Next by thread: [Full-Disclosure] Vulnerability in sourceforge.net
Index(es):
- Date
- Thread