Full Disclosure mailing list archives

RE: A Popup! In Mozilla!

From: John Dowling <greyhatthe2nd () yahoo com>
Date: Wed, 21 Jul 2004 13:56:01 -0700 (PDT)

I disagree.

Initially, the image used in that popup actually comes
from a different server, but that's trivial.  What I
see as a bigger issue is that blocking the image from
the server leaves the user with an empty div block
covering the page, and blocking the site serving the
div content could essentially render the div
'uncloseable'.  Of course, this is more along the
lines of browseability, and does not seem to have any
very obvious security implications above and beyond
what can be served via a page without the annoying
<div>.

-----Original Message-----
From: full-disclosure-admin () lists netsys com
[mailto:full-disclosure-admin () lists netsys com] On
Behalf Of Charles Richmond
Sent: Wednesday, July 21, 2004 7:48 AM
To: Dave King
Cc: Full Disclosure; James Woodcock
Subject: Re: [Full-disclosure] A Popup! In Mozilla!

Add the following to adblock

        http://2-spyware.com/images/*

On Jul 21, 2004, at 1:44 AM, Dave King wrote:

This isn't a normal "popup" in that it doesn't open

a new browser

window.  All they're doing is placing this great

animated gif  over

the middle of the page using absolute positioning in

the DIV tag.

Notice that it looks like an IE window even in

Firefox.  Really this

is a sneaky trick that is pretty annoying.  I think

this type of ad

placement is going to be hard to block since most of

the time absolute

positioning images is just part of the normal page

and has nothing to

do with ads, even though I guess at one time pop-ups

were used

legitimately almost exclusively.  At least this page

seems to be

thoughtful enough to only display the ad the first

time you visit it.

Tricky little devils aren't they (and getting

trickier all the time).


                                                  
Charles Richmond

       Implemented Integrated Systems Corporation 
http://www.iisc.com
     O/S, I18N, Systems Development, Process and
Integration Providers
     cmr () iisc com   cmr () acm org   YIM:cmriisc 
http://www.iisc.com/cmr
            7B West St., Somerville, Ma. USA 02144 
(781) 389 9777

_______________________________________________
Full-Disclosure - We believe in it.
Charter:
http://lists.netsys.com/full-disclosure-charter.html



                
__________________________________
Do you Yahoo!?
Yahoo! Mail - Helps protect you from nasty viruses.
http://promotions.yahoo.com/new_mail

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Current thread:

A Popup! In Mozilla! James Woodcock (Jul 20)
- Re: A Popup! In Mozilla! Duncan Hill (Jul 20)
- Re: A Popup! In Mozilla! Andrew Farmer (Jul 20)
- Re: A Popup! In Mozilla! Jesse Ruderman (Jul 21)
- Re: A Popup! In Mozilla! Xavier Beaudouin (Jul 21)
- Re: A Popup! In Mozilla! Dave King (Jul 21)
  - Re: A Popup! In Mozilla! Charles Richmond (Jul 21)
  - Re: A Popup! In Mozilla! a (Jul 21)
    - Re: A Popup! In Mozilla! Szilveszter Adam (Jul 21)
- <Possible follow-ups>
- Re: A Popup! In Mozilla! John Dowling (Jul 21)
- RE: A Popup! In Mozilla! John Dowling (Jul 21)
  - Re: A Popup! In Mozilla! Charles Richmond (Jul 21)