Full Disclosure mailing list archives
Re: A Popup! In Mozilla!
From: John Dowling <greyhatthe2nd () yahoo com>
Date: Tue, 20 Jul 2004 22:52:58 -0700 (PDT)
James, That's a natural workaround to allow the site to continue to generate impressions of popups they sell. This <div> tag allows a 'chromeless window' to appear at z-index 3, floating above the normal browser window. As this image is a capture from a winXP box with default color scheme, this trick does not appear tricky at all on other systems. What does suck, however, about this method of delivery (besides getting an ad at all) is that one must hope that there is a legitimate 'close'(hide) method somewhere within the <div>, else we are left with the 'popup'. People like myself, that already have blocked the site serving the content (using HOSTS) are, well, hosed. /jd -------------------------------------------------------------------------------- Show full headers : From: James Woodcock <spamtrap2 () austarnet com au> [+] [ ] To: Full Disclosure <full-disclosure () lists netsys com> [+] Subject: [Full-disclosure] A Popup! In Mozilla! [ ] Date: Wed, 21 Jul 2004 14:13:09 +1000 -------------------------------------------------------------------------------- This might seem like it should be going to a webdev list, but there's a possible security implication, so here goes; http://2-spyware.com/file-cnfrm-exe.html In Mozilla 1.5 and FireFox 0.9 with the pop-up blocker turned on, I get a pop-up! It's purporting to be an important notice from my Network Administrator - you'll probably recognise it; http://2-spyware.com/images/2SPYRR1C.gif Looking at the source of the page, I see that the pop-up is being generated by a <DIV> statement that comes after the closing </html> tag which - I thought - was supposed to indicate the end of the document. Is a web browser supposed to be able to render code outside the <html></html> tags? Using IE 6.0.2800.1106, on viewing the source, I find that the DIV statement that followed the closing </html> tag is now the last statement BEFORE the </html> tag. What gives? James _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html __________________________________ Do you Yahoo!? Vote for the stars of Yahoo!'s next ad campaign! http://advision.webevents.yahoo.com/yahoo/votelifeengine/ _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- A Popup! In Mozilla! James Woodcock (Jul 20)
- Re: A Popup! In Mozilla! Duncan Hill (Jul 20)
- Re: A Popup! In Mozilla! Andrew Farmer (Jul 20)
- Re: A Popup! In Mozilla! Jesse Ruderman (Jul 21)
- Re: A Popup! In Mozilla! Xavier Beaudouin (Jul 21)
- Re: A Popup! In Mozilla! Dave King (Jul 21)
- Re: A Popup! In Mozilla! Charles Richmond (Jul 21)
- Re: A Popup! In Mozilla! a (Jul 21)
- Re: A Popup! In Mozilla! Szilveszter Adam (Jul 21)
- <Possible follow-ups>
- Re: A Popup! In Mozilla! John Dowling (Jul 21)
- RE: A Popup! In Mozilla! John Dowling (Jul 21)
- Re: A Popup! In Mozilla! Charles Richmond (Jul 21)