"Jay Calvert" <> wrote in message
news:cv2f83$thr$...
>A serious vulnerability has been found in Microsoft's IE and Outlook
>Express products that spoof the destination URL in the Status bar.
>
>
> http://habaneronetworks.com/viewArticle.php?ID=140

So what is it that Firefox doesn't support? Inline style sheets within
an attribute (the "<u style=...>text</u>" lines)? The "cursor: pointer"
attribute within the style sheet? Or using labels within a control (the
"id=..." attribute within the <A> tag for the link for
spreadfirefox.com), or the <label> tag within which the inline style got
used that had the pointer attribute for the cursor?

I'm no HTML guru but I have to wonder why there is a need for a pointer
attribute for the cursor within a style sheet (CSS2 spec, cursor property,
http://www.w3.org/TR/1998/REC-CSS2-1...#cursor-props).
Maybe Firefox doesn't support CSS2 (since I didn't see the cursor
property in the CSS1 spec at
http://www.w3.org/TR/REC-CSS1-961217.html).
Supposedly Firefox supports CSS (see
http://www.w3.org/Style/CSS/#browsers) but maybe it only supports CSS1.
I know that Firefox supports some CSS because some of its config files
are .css files. According to the description on
http://www.mozilla.org/docs/web-developer/, Firefox probably only partly
supports CSS2. So if Firefox ever gets finished and then fully supports
CSS2 then it, too, might be just as susceptible.

One of the ****ers with cascading style sheets is they can also be used
to present pseudo-popups as either roll-down or popup windows within the
web page. Since this is content within the same web page, popup
blockers won't work on them. If you block or disable CSS then stuff
like roll-down menus won't work, so some forums won't work (since they
use an onhover event or onclick event to show the roll-down CSS menu).

By the way, while searching around Mozilla.org for its support of the
cursor property in an inline style sheet for CSS2, I found
http://www.mozilla.org/xpfe/xulref/grippy.html. So Firefox might
actually support CSS2's cursor property but deliberately obviate the
example obfuscation code noted in the Habanero article. However, if
Firefox supports "grippies" then clicking on one could also put you on a
different site that simply recreated the same web content (i.e., the
page looks alike) but be very different underneath as to what it does.
Any clickable object could be moving you somewhere else, not just the
example here of clicking on a clickable text string.

Still, it looks like a defect in IE that it shows the label of the
control in the status bar instead of the control's actual destination.
This really isn't something new. It's been a couple years that I've
noticed when hovering over a link that sometimes what you see instead of
the URL is some "info" text.
--
____________________________________________________________
Post your replies to the newsgroup. Share with others.
E-mail reply: Remove "NIXTHIS" and add "#VS811" to Subject.
____________________________________________________________
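
Added example, not part of the post or the linked article: a Python check that flags markup where hovering and clicking can disagree, for use when reviewing HTML mail or pages. It assumes the pattern is a `<label for=...>` nested inside one link whose `for` value is the `id` of a second link, which is inferred from the elements the post lists; the class and function names and the sample hosts are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

class LabelLinkAudit(HTMLParser):
    """Record every <a id=...> and every <label for=...> nested inside a link."""
    def __init__(self):
        super().__init__()
        self.href_by_id = {}      # anchor id -> href
        self.open_hrefs = []      # hrefs of the <a> elements currently open
        self.nested_labels = []   # (href of enclosing link, label's for= value)

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "a":
            href = a.get("href") or ""
            self.open_hrefs.append(href)
            if a.get("id"):
                self.href_by_id[a["id"]] = href
        elif tag == "label" and self.open_hrefs and a.get("for"):
            self.nested_labels.append((self.open_hrefs[-1], a["for"]))

    def handle_endtag(self, tag):
        if tag == "a" and self.open_hrefs:
            self.open_hrefs.pop()

def host(url):
    return (urlsplit(url).hostname or "").lower()

def find_mismatched_label_links(html):
    """Return (hovered_href, activated_href) pairs that point at different hosts."""
    audit = LabelLinkAudit()
    audit.feed(html)
    findings = []
    for hovered, target_id in audit.nested_labels:
        activated = audit.href_by_id.get(target_id)  # resolved after parsing: id may come later
        if activated is not None and host(activated) != host(hovered):
            findings.append((hovered, activated))
    return findings

# Constructed sample input (hosts are placeholders, not taken from the article).
SAMPLE = """
<p><a href="http://shown.example/"><label for="dest">
<u style="cursor: pointer; color: blue">http://shown.example/</u></label></a>
<a id="dest" href="http://other.example/landing"></a></p>
<p><a href="http://shown.example/docs"><label for="same">docs</label></a>
<a id="same" href="http://shown.example/docs/index.html"></a></p>
"""
if __name__ == "__main__":
    for hovered, activated in find_mismatched_label_links(SAMPLE):
        print(f"hover shows {hovered} but click activates {activated}")
```

The second sample paragraph uses the same structure with both links on one host, so it is not reported; only a host mismatch is treated as a finding.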