Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: A Popup! In Mozilla!
From: John Dowling <greyhatthe2nd () yahoo com>
Date: Tue, 20 Jul 2004 22:52:58 -0700 (PDT)

James,

That's a natural workaround to allow the site to
continue to generate impressions of popups they sell.
This <div> tag allows a 'chromeless window' to appear
at z-index 3, floating above the normal browser
window.  As this image is a capture from a winXP box
with default color scheme, this trick does not appear
tricky  at all on other systems.  

What does suck, however, about this method of delivery
(besides getting an ad at all) is that one must hope
that there is a legitimate 'close'(hide) method
somewhere within the <div>, else we are left with the
'popup'.

People like myself, that already have blocked the site
serving the content (using HOSTS) are, well, hosed.

/jd

--------------------------------------------------------------------------------

Show full headers :  From: James Woodcock
<spamtrap2 () austarnet com au>  [+]  [ ] 
To: Full Disclosure <full-disclosure () lists netsys com>
 [+] 
Subject: [Full-disclosure] A Popup! In Mozilla!   [ ] 
Date: Wed, 21 Jul 2004 14:13:09 +1000  
 
 

--------------------------------------------------------------------------------

This might seem like it should be going to a webdev
list, but there's a 
possible security implication, so here goes;

http://2-spyware.com/file-cnfrm-exe.html

In Mozilla 1.5 and FireFox 0.9 with the pop-up blocker
turned on, I get 
a pop-up! It's purporting to be an important notice
from my Network 
Administrator - you'll probably recognise it;

http://2-spyware.com/images/2SPYRR1C.gif

Looking at the source of the page, I see that the
pop-up is being 
generated by a <DIV> statement that comes after the
closing </html> tag 
 which - I thought - was supposed to indicate the end
of the document.

Is a web browser supposed to be able to render code
outside the 
<html></html> tags?

Using IE 6.0.2800.1106, on viewing the source, I find
that the DIV 
statement that followed the closing </html> tag is now
the last 
statement BEFORE the </html> tag. What gives?

James


_______________________________________________
Full-Disclosure - We believe in it.
Charter:
http://lists.netsys.com/full-disclosure-charter.html
 
 
 

 



        
                
__________________________________
Do you Yahoo!?
Vote for the stars of Yahoo!'s next ad campaign!
http://advision.webevents.yahoo.com/yahoo/votelifeengine/

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]