  1. #1
    Senior Member mixu's Avatar
    Join Date
    Aug 2003
    Posts
    217
    Member #
    2815
    I was shocked to see this exploit (http://www.nd.edu/~jsmith30/xul/test/spoof.html) work on my recently upgraded copy (to FF0.9.3 from FireBird) of FireFox. Why is this not fixed if the Mozilla organization knows about it?? And why didn't anyone tell me about this??

    Try it for yourself, it's rather shocking.

  3. #2
    Senior Member ajaspers's Avatar
    Join Date
    Apr 2003
    Posts
    149
    Member #
    1150
    I have all the "dom.disable_window_open_feature.*" config options set to true, so popups can't hide the location bar or anything. Still a big deal though - you can't expect regular users to make any changes to "secure" their browser.

  4. #3
    Senior Member Brak's Avatar
    Join Date
    Apr 2003
    Location
    San Francisco, CA
    Posts
    3,413
    Member #
    1217
    Yeah, they've known about XUL spoofing for years.

    Scarier is the fact that it's present in IE as well (different method, same result). Clueless IE user + spoofing = major fraud.
    Kyle Neath: Rockstar extraordinare
    The blog | The poetry site | The Spore site

  5. #4
    Senior Member justlivyalife's Avatar
    Join Date
    Jul 2003
    Location
    Birmingham, UK
    Posts
    2,871
    Member #
    2374
    Presumably this can't happen when you have all pop-ups blocked and use tab-browser extensions to limit it to just one window. I also have an extra menu-bar, so hopefully I'm safe!
    justlivyalife - The future depends on what we do in the present. (Mahatma Gandhi)
    WDF Resources: WDF Rules
    Non-WDF: JavascriptSource | Dynamic Drive | phpBB | HTML-Kit | Winamp | Download Firefox | Morguefile

  6. #5
    Senior Member
    Join Date
    Aug 2003
    Posts
    444
    Member #
    2801
    Just make sure that the status bar is always visible!
    eKstreme
    eKstreme.com - Free website tools!
    fontfox - free fonts Hand-picked quality fonts.
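
An added example, not part of any post in this thread: a Node.js check that reads Firefox `prefs.js`/`user.js` text and lists which window features (location bar, status bar, menu bar) a script-opened popup could still hide, based on the `dom.disable_window_open_feature.*` options mentioned in post #2 and the status-bar advice in post #5. The function names and the sample prefs text are constructed for illustration, and the check assumes that an unset pref leaves the feature hideable.

```javascript
// Added example: audit Firefox prefs text for the
// dom.disable_window_open_feature.* settings discussed in the thread.
const PREFIX = "dom.disable_window_open_feature.";
// Window chrome a user relies on to tell which site a window belongs to.
const FEATURES = ["location", "status", "menubar"];

// Parse user_pref("name", value); lines. Commented-out lines do not match.
// Later lines override earlier ones, as user.js does over prefs.js.
function parsePrefs(text) {
  const prefs = new Map();
  const re = /^\s*user_pref\(\s*"([^"]+)"\s*,\s*(true|false|-?\d+|"(?:[^"\\]|\\.)*")\s*\)\s*;/;
  for (const line of text.split(/\r?\n/)) {
    const m = re.exec(line);
    if (m) prefs.set(m[1], JSON.parse(m[2]));
  }
  return prefs;
}

// Features a popup could still hide: pref missing or not boolean true
// (assumption: an unset pref means the page's request to hide is honoured).
function hideableFeatures(text) {
  const prefs = parsePrefs(text);
  return FEATURES.filter((f) => prefs.get(PREFIX + f) !== true);
}

// Constructed sample input, not taken from any real profile.
const SAMPLE = [
  "# Mozilla User Preferences",
  'user_pref("dom.disable_window_open_feature.location", true);',
  'user_pref("dom.disable_window_open_feature.status", false);',
  '// user_pref("dom.disable_window_open_feature.menubar", true);',
  'user_pref("browser.startup.homepage", "about:blank");',
].join("\n");

console.log("popups can still hide:", hideableFeatures(SAMPLE));
```

An empty result means all three prefs are set to `true` in the text that was checked.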

