Bugtraq mailing list archives
Re: New possible scam method : forged websites using XUL (Firefox)
From: "Peter J. Holzer" <hjp () wsr ac at>
Date: Tue, 3 Aug 2004 10:11:16 +0200
On 2004-08-02 11:59:17 +0200, Peter J. Holzer wrote:
* add a UI to the "allow javascript only from trusted sites" feature. (few people know that mozilla can do that, and even for those, editing user.js is tedious).
More on the lines of "few people know that Mozilla can do that": Daniel Veditz wrote in <URL:http://bugzilla.mozilla.org/show_bug.cgi?id=22183#c97>: | Or we could just force the location bar to be on using the existing | pref, but obviously there must be some reluctance to that or it'd be | done already. So I started to look for the "existing pref", and sure enough, if you write user_pref("dom.disable_window_open_feature.location", true); in your prefs.js, the spoof looks much less convincing. (You can also set this preference via "about:config".) hp -- _ | Peter J. Holzer | Shooting the users in the foot is bad. |_|_) | Sysadmin WSR / LUGA | Giving them a gun isn't. | | | hjp () wsr ac at | -- Gordon Schumacher, __/ | http://www.hjp.at/ | mozilla bug #84128
Attachment:
_bin
Description:
Current thread:
- RE: New possible scam method : forged websites using XUL (Firefox) Thomas T. Evans, III (Aug 02)
- <Possible follow-ups>
- Re: New possible scam method : forged websites using XUL (Firefox) Peter J. Holzer (Aug 02)
- Re: New possible scam method : forged websites using XUL (Firefox) Peter J. Holzer (Aug 03)
- Re: New possible scam method : forged websites using XUL (Firefox) Kim Scarborough (Aug 03)
- Re: New possible scam method : forged websites using XUL (Firefox) Michael Reilly (Aug 03)
- Re: New possible scam method : forged websites using XUL (Firefox) Peter J. Holzer (Aug 03)
- Re: New possible scam method : forged websites using XUL (Firefox) Nicholas Knight (Aug 02)