Re: Firefox: about:blank is phisher's best friend

2007-02-22 Thread Florian Weimer
* Michal Zalewski:
> Similarly, he could spoof a native browser-originating modal warning or
> dialog to have the user do something dumb. This problem was addressed by
> forcibly prepending current site name to window title for all URL-bar-less
> windows, so that the Internet origin of such a pop-

Re: Firefox: about:blank is phisher's best friend

2007-02-22 Thread Michal Zalewski
On Thu, 22 Feb 2007, Florian Weimer wrote:
> This is the first time I read about the forced window title change. I
> hadn't noticed it earlier. Do you think this is a good enough security
> indicator (or indicator of origin, to be more precise)?

This is quite inadequate as far as protecting ine

RE: Firefox: about:blank is phisher's best friend

2007-02-20 Thread Michael Wojcik
> From: Michal Zalewski [mailto:[EMAIL PROTECTED]
> Sent: Friday, 16 February, 2007 17:51
> To: bugtraq@securityfocus.com
> Cc: full-disclosure@lists.grok.org.uk
>
> Firefox suffers from a design flaw that can be used to confuse casual
> users and evoke a false sense of authority when visiting a

Re: Firefox: about:blank is phisher's best friend

2007-02-17 Thread Michal Zalewski
On Sat, 17 Feb 2007 [EMAIL PROTECTED] wrote:
> I tested it in IE7 and it has the same problem. Opera 9.10 blocks the
> opening of the new window but fails in the second button.

With MSIE7, it is possible only if you check 'Allow websites to open windows without address or status bar' for that partic

Re: Firefox: about:blank is phisher's best friend

2007-02-17 Thread zonafirefox
I tested it in IE7 and it has the same problem. Opera 9.10 blocks the opening of the new window but fails in the second button.