1. You are viewing our forum as a guest. For full access please Register. WindowsBBS.com is completely free, paid for by advertisers and donations.

Netscape 7/Mozilla 1.1 Security Issue

Discussion in 'Firefox, Thunderbird & SeaMonkey' started by Ramona, 2002/09/16.

Thread Status:
Not open for further replies.
  1. 2002/09/16
    Ramona

    Ramona Geek Member Alumni Thread Starter

    Joined:
    2001/12/31
    Messages:
    7,481
    Likes Received:
    2
    Ramona,
    #1
  2. 2002/09/16
    brett

    brett Inactive Alumni

    Joined:
    2002/01/11
    Messages:
    2,058
    Likes Received:
    0
    :D
     
    brett,
    #2


  3. to hide this advert.

  4. 2002/09/16
    Ramona

    Ramona Geek Member Alumni Thread Starter

    Joined:
    2001/12/31
    Messages:
    7,481
    Likes Received:
    2
    :rolleyes:
     
    Ramona,
    #3
  5. 2002/09/16
    brett

    brett Inactive Alumni

    Joined:
    2002/01/11
    Messages:
    2,058
    Likes Received:
    0
    :p
     
    brett,
    #4
  6. 2002/09/16
    tranquilo

    tranquilo Inactive

    Joined:
    2001/12/31
    Messages:
    348
    Likes Received:
    0
    Yet another mention...
    http://online.securityfocus.com/archive/1/291378

    Instead of disabling js (not an option for everyone), you can simply use this workaround.

    in user.js/prefs.js add

    user_pref( "capability.policy.default.Window.onunload ", "noAccess ");


    Hopefully this is fixed soon.

    tranquilo
     
    tranquilo,
    #5
  7. 2002/09/16
    Ramona

    Ramona Geek Member Alumni Thread Starter

    Joined:
    2001/12/31
    Messages:
    7,481
    Likes Received:
    2
    tranquilo,

    I have seen that script posted elsewhere. Also this question, which was never answered. Perhaps you can answer the question:

    Adding the line to the user_pref didn't hurt, but does not stop all 'onUnload' functions. See, for example, http://www.idocs.com/tags/document/_BODY_onUnload.html
    In this example all of the commands are executed locally. Does the "noAccess" block communications back to servers?

    Thanks,

    Ramona :D
     
    Ramona,
    #6
  8. 2002/09/16
    tranquilo

    tranquilo Inactive

    Joined:
    2001/12/31
    Messages:
    348
    Likes Received:
    0
    True. I was able to stop that window from appearing by using the following (though I am not sure this all relates to the current privacy problem...)

    I disabled the user.js for testing...

    uncheck these two
    open unrequested windows
    raise or lower windows

    or just add these to the prefs.js
    user_pref( "dom.disable_open_during_load ", true);
    user_pref( "dom.disable_window_flip ", true);


    This worked even without this line

    user_pref( "capability.policy.default.Window.onunload ", "noAccess ");


    However, there is the possibility that some of the capability prefs could be combined to stop the alert window from that site. However, that would take a lot of testing (configure/test/restart/reconfigure/repeat).

    http://www.mozilla.org/docs/dom/domref/dom_window_ref.html
    http://www.mozilla.org/projects/security/components/ConfigPolicy.html

    tranquilo
     
    tranquilo,
    #7
Thread Status:
Not open for further replies.

Share This Page

  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.
    Accept Learn More...