Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

Re: A Popup! In Mozilla!
From: Charles Richmond <cmr () iisc com>
Date: Wed, 21 Jul 2004 18:17:09 -0400


On Jul 21, 2004, at 4:56 PM, John Dowling wrote:

I disagree.

Initially, the image used in that popup actually comes
from a different server, but that's trivial.  What I
see as a bigger issue is that blocking the image from
the server leaves the user with an empty div block
covering the page, and blocking the site serving the
div content could essentially render the div
'uncloseable'.  Of course, this is more along the
lines of browseability, and does not seem to have any
very obvious security implications above and beyond
what can be served via a page without the annoying
<div>.

You have a good point so I went back to take a look. There
are 2 factors that ameliorate that issue. The first is that I
am unlikely to want to click through on a page that is doing
that and even less likely to want my users to do so :) The
second is that the "Nuke Anything"  Firefox extension was
able to remove the <div> with a simple right-click -> remove


                                                  Charles Richmond

      Implemented Integrated Systems Corporation  http://www.iisc.com
    O/S, I18N, Systems Development, Process and Integration Providers
    cmr () iisc com   cmr () acm org   YIM:cmriisc  http://www.iisc.com/cmr
           7B West St., Somerville, Ma. USA 02144  (781) 389 9777

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault