|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
Re: New possible scam method : forged websites using XUL (Firefox)
From: Peter J. Holzer (hjp
wsr.ac.at)
Date: Tue Aug 03 2004 - 03:11:16 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On 2004-08-02 11:59:17 +0200, Peter J. Holzer wrote:
> * add a UI to the "allow javascript only from trusted sites" feature.
> (few people know that mozilla can do that, and even for those, editing
> user.js is tedious).
More on the lines of "few people know that Mozilla can do that":
Daniel Veditz wrote in
<URL:http://bugzilla.mozilla.org/show_bug.cgi?id=22183#c97>:
| Or we could just force the location bar to be on using the existing
| pref, but obviously there must be some reluctance to that or it'd be
| done already.
So I started to look for the "existing pref", and sure enough, if you
write
user_pref("dom.disable_window_open_feature.location", true);
in your prefs.js, the spoof looks much less convincing.
(You can also set this preference via "about:config".)
hp
--
_ | Peter J. Holzer | Shooting the users in the foot is bad.
|_|_) | Sysadmin WSR / LUGA | Giving them a gun isn't.
| | | hjpwsr.ac.at | -- Gordon Schumacher,
__/ | http://www.hjp.at/ | mozilla bug #84128
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)
iQDQAwUBQQ9IpFLjemazOuKpAQFr5AXUCfAgCWZ8EPFWDA07jpZzS3aZLMhLemON
nktJn9gmRFFCztkTT5J9nVKZS9lfPHgcQeUF7XvmkwrzoOWUEoDJKuZm4DZz5sI8
uf3yPK/ZCKgTMeYCxF7yn90pI/xem9Sl8C3M8Bld2FW/LAkuEQUbvC3fxK7EV/Vw
Fu5fzq9/1Gv+i5xvuCPVOD+D/nrNeyA5UBUwJD9ZstO1pIVw6rf6glY+g3lDBCr7
0zMTLuFNV8k2kYP40c2VhDw/GA==
=dH2Q
-----END PGP SIGNATURE-----
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]