Firefox 1.02

[t0rek]

Yep, Firefox 1.02 has been released today. Here's what they changed:



http://www.mozilla.org/projects/secu...abilities.html

As usual you can download it at www.mozilla.org

[Doomulation]

That's not much
Hardly worth downloading since it means closing down all the tabs you're using... hehe.
I wish they'd sort out the small annoying issues instead.

[Bengoshia]

They need to update their ad-blocking materials. Now these friggen "pop-unders" are coming up, what happens is you go to a site, and it'll pop up but then immediately drop down so you don't see it. So then when your x-ing out you see crap loads of ads.

[2fast4u]

uh, how would that work? a popup blocker prevents *any* windows from poppping up usually. whether its visible or not doesnt matter ... the concept is to prevent any windows that arent specifically opened from appearing at all.

[2fast4u]

That's not much
Hardly worth downloading since it means closing down all the tabs you're using... hehe.
I wish they'd sort out the small annoying issues instead.

they actually fixed a rather critical problem so im quite happy they put out a small release. its not really a regular update, more a security fix. since firefox is becoming increasingly popular in the mainstream market its good to see them respond to those issues fast as the people trying to exploit vulnerabilites firefox is bound to rise in future.

http://www.mozilla.org/security/anno...sa2005-30.html

An GIF processing error when parsing the obsolete Netscape extension 2 can lead to an exploitable heap overrun, allowing an attacker to run arbitrary code on the user's machine.

[Gladiac0190]

This update is quite important btw... 3 security holes got closed...

the popupshit that is getting more and more popular works using flash... here examples:

old school (using javascript):

PHP Code:

window.onclick=pop;
function pop() {window.open('http://www.kernel.org')} 


new school with flash:

PHP Code:

<embed src=http://cdn.fastclick.net/fastclick.net/ffp.swf?url=http%3A//www.kernel.org&width=200&height=200&top=100&left=100" quality="high" wmode="transparent" width="1" height="1" allowScriptAccess="always" type="application/x-shockwave-flash"/> 


Those are not blockable since popupblockers can only block things, that get compiled by the browser itselfs. Flash is not part of it. Macromedia should integrate somethling like a popup-blocker into their plugin ot integrate an interface where the browser is able to decide...

[2fast4u]

iirc you can block out flash elements with the "adblock" extension to firefox though problem is, there is no automatic blocking possible here.

[zAlbee]

www.zophar.net pops up on me... from what i can tell, it takes advantage of firefox allowing popups that occur when the user clicks (probably assumes that the user wanted that popup). so it just popups when you click anywhere on the window. it also has a multitude of extra workarounds for other popup blockers (norton internet security is mentioned), but i don't know how effective those are.

[smegforbrain]

uh, how would that work? a popup blocker prevents *any* windows from poppping up usually. whether its visible or not doesnt matter ... the concept is to prevent any windows that arent specifically opened from appearing at all.

In concept, yes. And at first, Firefox's was flawless.

But either these sites are using old methods that Firefox didn't cover (for whatever reason) or there are new methods of getting popups to, well, pop up, because now and then I too will hit a site that gets a popup past Firefox.

[Gladiac0190]

www.zophar.net pops up on me... from what i can tell, it takes advantage of firefox allowing popups that occur when the user clicks (probably assumes that the user wanted that popup). so it just popups when you click anywhere on the window. it also has a multitude of extra workarounds for other popup blockers (norton internet security is mentioned), but i don't know how effective those are.

Hmmm, just checking the source... zofar.net includes a javascript-file... here the codesnip:

PHP Code:

<script language=javascript><!--
var HMsection = "zo";
//--></script>
<SCRIPT LANGUAGE="JavaScript"
SRC="http://www.hermoment.com/realmedia/ads/click_px.js"></SCRIPT> 


the js-file's scripting-contents are:

PHP Code:

var HMpxServerURL = "http://www.hermoment.com/realmedia/ads/click_px.mvc"; 
var HMpxsectionURL = HMpxServerURL+'?'+HMsection;
document.write('<IFRAME NORESIZE=NORESIZE FRAMEBORDER=0 WIDTH=1 HEIGHT=1 MARGINWIDTH=0 MARGINHEIGHT=0 SCROLLING=NO SRC='+HMpxsectionURL+'></IFRAME><br>'); 


what shall i say... outputs are now in an iframe... seems to be one more method to make popups possible... The .msv-file's contents are also javascripts referring to a cgi-script...

see here

PHP Code:

<META HTTP-EQUIV="Set-Cookie" CONTENT="coSHORT=AT; expires=Friday, 31-Dec-2008 23:59:59 GMT; path=/">
<script language="javascript">
<!--//
    var rnum=new Number(Math.floor(99999999 * Math.random())+1); 
    var AdURL = "http://ad.trafficmp.com/tmpad/banner/itrack.asp?id=4157&nojs=1&rnd="+rnum;
       var popwindow = window.open(AdURL,"Ad","width=720,height=300,toolbar=no,location=no,directories=no,status=no,menubar=no,scrollbars=no,resizable=no");
       // var popwindow = window.open(AdURL,"Ad","width=720,height=300,toolbar=yes,location=yes,directories=yes,status=yes,menubar=yes,scrollbars=yes,resizable=yes");
       popwindow.blur();
       self.focus();
   //-->
</script>
<META HTTP-EQUIV="Set-Cookie" CONTENT="pTM1t=1112216949; expires=Friday, 31-Dec-2008 23:59:59 GMT; path=/">
<script>
<!-- //
lok="http://www.clicksplus.com/cgi-bin/logitpro/logitpro.cgi";
d=document;
document.write('<img src="'+lok+'?count&',
'jref='+escape(d.referrer)+'&',
'juri='+escape(d.location)+'" ',
' width=1 height=1 border=0 alt="LogIT PRO (www.logitpro.com)" nosave>');
    // -->
</script>
<script language="JavaScript">
<!-- //
jva="enabled";
    // -->
</script>
<script language="JavaScript1.2">
<!-- //
jva="enabled v1.2";
    // -->
</script>
<script language="JavaScript">
<!-- //
    lk="http://www.clicksplus.com/cgi-bin/logitpro/logitpro.cgi";
    d=document;s=screen;nav=navigator.appName;sw=s.width;sh=s.height;j="0";cd="0";
    nav!="Netscape"?cd=s.colorDepth:cd=s.pixelDepth;
    document.write('<img src="'+lk+'?ctrk=1&sw='+sw+'&sh='+sh+'&cd='+cd+'&jva='+jva+'" width=1 height=1 alt="LogIT PRO VIP">'+'');
    // -->
</script>
<NOSCRIPT>
<IMG SRC="http://www.clicksplus.com/cgi-bin/logitpro/logitpro.cgi?nojva" ALT="LogIT PRO VIP" BORDER=0 width=1 height=1>
</NOSCRIPT> 


I can't get the output without f**king around with a self-written file giving the cgi the paramters it wants... maybe there's a flash-file to be included or maybe not... ah, i get sick of this...