Full Disclosure mailing list archives
RE: IE
From: "rst" <rst () zaebiz com>
Date: Wed, 21 Jul 2004 12:41:15 +0400
The browser version could be checked using Jscript. <script language="JScript"> alert(navigator.appCodeName+"\n"+navigator.appMinorVersion+"\n"+navigato r.appName+"\n"+navigator.appVersion+"\n"+navigator.userAgent); </script> Run script above and feel happy. Basically - you can setup the firewall to filter the user-agent like strings (Not only in headers). -----Original Message----- From: full-disclosure-admin () lists netsys com [mailto:full-disclosure-admin () lists netsys com] On Behalf Of nicolas vigier Sent: Monday, July 19, 2004 3:47 PM To: Ill will Cc: full-disclosure () lists netsys com Subject: Re: [Full-disclosure] IE On Sun, 18 Jul 2004, Ill will wrote:
"user-agent contains very little _sensitive_ info" user agents could be used for exploits.. like redirecting the browser to whatever exploit page by the definition of what browser is connecting to it etc.. so it would be a good idea for some people to conseal what type of browser is defined in the headers
And you can feel safe with that ? Someone can put an exploit on a page without checking your browser before. The real solution is to use a browser with no known vulnerability (and that's better if it didn't have a lot in the past), not to try to hide what you are using. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Re: IE, (continued)
- Re: IE Valdis . Kletnieks (Jul 20)
- Re: IE Full-Disclosure (Jul 20)
- Threat Models (was Re: IE Valdis . Kletnieks (Jul 20)
- Re: IE now on-topic Andrew Latham (Jul 20)
- Motivations... (was Re: IE now on-topic Valdis . Kletnieks (Jul 20)
- Re: Motivations... (was IE now on-topic Andrew Latham (Jul 20)
- Re: Motivations... of White Hats VX Dude (Jul 21)
- Re: IE Valdis . Kletnieks (Jul 20)
- Re: IE Syke (Jul 21)