Full Disclosure
mailing list archives
Re: Firespoofing [Firefox 1.0]
From: Andrew Clover <and-bugtraq () doxdesk com>
Date: Tue, 11 Jan 2005 18:29:56 +0100
James Greenhalgh <james.greenhalgh () worldpay com> wrote:
> It also doesn't work on non-Windows or with non-default colours.
Didn't work for Windows with default colours for me either; the real
dialogue box jumped to the front. I am still on a nightly just before
the 1.0 release though, and I believe it to be possible in theory. It
could also, I think, be made to work without the 'browsing full screen'
requirement.
> Really - this is more a window management thing surely? If someone fell
> for this, they'd deserve it to be honest.
It's window management, yeah, probably applicable to other browsers too,
and not nearly as bad as the IE chromeless window stuff because you do
get those extra couple of pixels of window edge to clue you in. But it's
still not good.
The real solution is to force toolbar+menubar+addressbar on for all
JavaScript pop-ups, at least as a default option setting. This would
also fix the recently publicised problem with targeting other sites'
pop-up windows for phishing.
--
Andrew Clover
mailto:and () doxdesk com
http://www.doxdesk.com/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
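
The default proposed in the message above, sketched as an added example (not part of the original post and not Firefox's own code): a simplified model of how a legacy window.open() features string selects pop-up chrome, and what a "force these bars on" policy would override. The names CHROME, FORCED, parseFeatures and applyPolicy are hypothetical, and the forced set is assumed to be the three bars the post names.

```javascript
// Added illustration, not browser source. Simplified model of legacy
// window.open() feature parsing plus the forced-chrome default from the post.
const CHROME = ["toolbar", "menubar", "location", "status", "resizable", "scrollbars"];
// Assumption: force exactly the bars named in the post ("location" = address bar).
const FORCED = ["toolbar", "menubar", "location"];

// Parse a features string into { featureName: boolean } for chrome features.
function parseFeatures(features) {
  const text = (features || "").trim().toLowerCase();
  const result = {};
  if (text === "") {
    // No features string: the pop-up gets the full default chrome.
    for (const name of CHROME) result[name] = true;
    return result;
  }
  // Any non-empty string: every chrome feature not listed is switched off,
  // which is how a page ends up with a bare window it can paint freely.
  for (const name of CHROME) result[name] = false;
  for (const item of text.split(",")) {
    const [rawName, rawValue] = item.split("=");
    const name = rawName.trim();
    if (!CHROME.includes(name)) continue; // width, height, left, top, ...
    const value = rawValue === undefined ? "yes" : rawValue.trim();
    result[name] = value === "yes" || value === "1";
  }
  return result;
}

// Apply the policy: whatever the page asked for, the forced bars stay on.
// Returns the page's request, the effective chrome, and what was overridden.
function applyPolicy(features, forced = FORCED) {
  const requested = parseFeatures(features);
  const effective = { ...requested };
  const overridden = [];
  for (const name of forced) {
    if (!requested[name]) {
      effective[name] = true;
      overridden.push(name);
    }
  }
  return { requested, effective, overridden };
}

// Constructed sample inputs.
for (const f of ["", "width=400,height=200", "location=no,toolbar=yes,status"]) {
  console.log(JSON.stringify(f), "->", applyPolicy(f).overridden);
}
```
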