Full Disclosure mailing list archives

Re: A Popup! In Mozilla!

From: Duncan Hill <dhill+fulldisc () cricalix net>
Date: Wed, 21 Jul 2004 06:20:35 +0100

On Wednesday 21 July 2004 05:13, James Woodcock wrote:

This might seem like it should be going to a webdev list, but there's a
possible security implication, so here goes;

http://2-spyware.com/file-cnfrm-exe.html

In Mozilla 1.5 and FireFox 0.9 with the pop-up blocker turned on, I get
a pop-up! It's purporting to be an important notice from my Network
Administrator - you'll probably recognise it;


Not a popup in the traditional sense, merely a DIV layer that sits above the 
main page content.  Konqueror loads it too, but gets the rendering levels 
slightly wrong (or right) and the page just looks a bit wrong.

Traditional popups are created with javascript, which is what the popup 
blockers look for (afaik) - window.open.

Is a web browser supposed to be able to render code outside the
<html></html> tags?


I don't think they're meant to, but many of them do anyway.

As for IE - IE does weird shit with pages.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Current thread:

A Popup! In Mozilla! James Woodcock (Jul 20)
- Re: A Popup! In Mozilla! Duncan Hill (Jul 20)
- Re: A Popup! In Mozilla! Andrew Farmer (Jul 20)
- Re: A Popup! In Mozilla! Jesse Ruderman (Jul 21)
- Re: A Popup! In Mozilla! Xavier Beaudouin (Jul 21)
- Re: A Popup! In Mozilla! Dave King (Jul 21)
  - Re: A Popup! In Mozilla! Charles Richmond (Jul 21)
  - Re: A Popup! In Mozilla! a (Jul 21)
    - Re: A Popup! In Mozilla! Szilveszter Adam (Jul 21)
- <Possible follow-ups>
- Re: A Popup! In Mozilla! John Dowling (Jul 21)
- RE: A Popup! In Mozilla! John Dowling (Jul 21)
  - Re: A Popup! In Mozilla! Charles Richmond (Jul 21)