[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [WEB SECURITY] Further CSS Firefox demo
- From: "Esam Gharish" <egharish@xxxxxxxxx>
- Subject: Re: [WEB SECURITY] Further CSS Firefox demo
- Date: Fri, 31 Aug 2007 16:48:05 +0100
------=_Part_9481_28520384.1188575285535
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Hello again Gareth,
I only have the following plug-ins installed
1- Server Spy
2- Adblock Plus
3- Customize Google
4- Firebug
5- Web Developer
6- Skype Extension
I believe none of the above are designed for security purposes as far as I
am aware (adblock only blocks media objects)....and very much doubt that any
firewall would prevent CSS from rendering etc.
I'm pretty sure the script works...as I have read some of the responses on
your website and it seems to have worked on different machines....but I am
very curious as to why it is not working on mine.
I very much doubt that the following is a valid reason, but I am using
Windows XP Pro (with all the latest updates etc)...so if you or anyone who
managed to run the script successfully is running on a different
platform....can one assume that Firefox behaves differently on different
platforms...or is that not a reasonable assumption?
Regards,
Esam
On 8/31/07, gaz_sec@hushmail.com <gaz_sec@hushmail.com> wrote:
>
> Hi Esam
>
> It works on the latest version of Firefox 2.0.0.6
>
> Maybe you have a security plugin installed that will prevent it? If
> you do I'd be really interested in which one is stopping it because
> that would be most impressive.
>
> Cheers
>
> Gareth
>
> On Fri, 31 Aug 2007 16:21:48 +0100 Esam Gharish
> <egharish@gmail.com> wrote:
> >Hi Gareth,
> >
> >I've just had a look at your script....very interesting indeed.
> >
> >however, even though I was browsing on some of the sites, such as
> >Google.com,
> >and Amazon.com, today, it seems that the output generated suggests
> >that the
> >script does not work in Firefox2 (current version 2.0.0.6).
> >
> >So, are you using an earlier version of FF? or does the script
> >work only
> >under certain conditions? I will be interested in knowing why it
> >did not
> >work on my browser.
> >
> >Regards,
> >Esam.
> >
> >
> >
> >On 8/31/07, gaz_sec@hushmail.com <gaz_sec@hushmail.com> wrote:
> >>
> >> Hi all
> >>
> >> My CSK (CSS Scripting Kit) has been released today. I've found a
> >> way to do data storage in CSS without refreshing the page. The
> >code
> >> is in early stages but I shall be improving it all the time.
> >>
> >> <http://www.thespanner.co.uk/2007/08/31/csk-demo/>
> >>
> >> Cheers
> >>
> >> Gareth
> >>
> >> --
> >> Improve your career health. Click now to study nutrition!
> >>
> >>
> >http://tagline.hushmail.com/fc/Ioyw6h4eKcNNuDcIajwOYbZZQdWACkJbUkI8
> >nivIWyB9UBaom2cr26/
> >>
> >>
> >>
> >> -----------------------------------------------------------------
> >-----------
> >> Join us on IRC: irc.freenode.net #webappsec
> >>
> >> Have a question? Search The Web Security Mailing List Archives:
> >> http://www.webappsec.org/lists/websecurity/
> >>
> >> Subscribe via RSS:
> >> http://www.webappsec.org/rss/websecurity.rss [RSS Feed]
> >>
> >>
>
> --
> Click for free info on earning your associates degrees.
>
> http://tagline.hushmail.com/fc/Ioyw6h4dDtItoC8AtkpFInKjdv3IKsZ2KqeiNspL5CDOHMchriOR0v/
>
>
------=_Part_9481_28520384.1188575285535
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Hello again Gareth, <br><br>I only have the following plug-ins installed<br><br>1- Server Spy<br>2- Adblock Plus<br>3- Customize Google<br>4- Firebug<br>5- Web Developer<br>6- Skype Extension <br><br>I believe none of the above are designed for security purposes as far as I am aware (adblock only blocks media objects)....and very much doubt that any firewall would prevent CSS from rendering etc.
<br><br>I'm pretty sure the script works...as I have read some of the responses on your website and it seems to have worked on different machines....but I am very curious as to why it is not working on mine.<br><br>I very much doubt that the following is a valid reason, but I am using Windows XP Pro (with all the latest updates etc)...so if you or anyone who managed to run the script successfully is running on a different platform....can one assume that Firefox behaves differently on different platforms...or is that not a reasonable assumption?
<br><br>Regards, <br>Esam<br><br><div><span class="gmail_quote">On 8/31/07, <b class="gmail_sendername"><a href="mailto:gaz_sec@hushmail.com";>gaz_sec@hushmail.com</a></b> <<a href="mailto:gaz_sec@hushmail.com";>gaz_sec@hushmail.com
</a>> wrote:</span><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">Hi Esam<br><br>It works on the latest version of Firefox <a href="http://2.0.0.6";>
2.0.0.6</a><br><br>Maybe you have a security plugin installed that will prevent it? If<br>you do I'd be really interested in which one is stopping it because<br>that would be most impressive.<br><br>Cheers<br><br>Gareth
<br><br>On Fri, 31 Aug 2007 16:21:48 +0100 Esam Gharish<br><<a href="mailto:egharish@gmail.com";>egharish@gmail.com</a>> wrote:<br>>Hi Gareth,<br>><br>>I've just had a look at your script....very interesting indeed.
<br>><br>>however, even though I was browsing on some of the sites, such as<br>><a href="http://Google.com";>Google.com</a>,<br>>and <a href="http://Amazon.com";>Amazon.com</a>, today, it seems that the output generated suggests
<br>>that the<br>>script does not work in Firefox2 (current version <a href="http://2.0.0.6";>2.0.0.6</a>).<br>><br>>So, are you using an earlier version of FF? or does the script<br>>work only<br>>under certain conditions? I will be interested in knowing why it
<br>>did not<br>>work on my browser.<br>><br>>Regards,<br>>Esam.<br>><br>><br>><br>>On 8/31/07, <a href="mailto:gaz_sec@hushmail.com";>gaz_sec@hushmail.com</a> <<a href="mailto:gaz_sec@hushmail.com";>
gaz_sec@hushmail.com</a>> wrote:<br>>><br>>> Hi all<br>>><br>>> My CSK (CSS Scripting Kit) has been released today. I've found a<br>>> way to do data storage in CSS without refreshing the page. The
<br>>code<br>>> is in early stages but I shall be improving it all the time.<br>>><br>>> <<a href="http://www.thespanner.co.uk/2007/08/31/csk-demo/";>http://www.thespanner.co.uk/2007/08/31/csk-demo/
</a>><br>>><br>>> Cheers<br>>><br>>> Gareth<br>>><br>>> --<br>>> Improve your career health. Click now to study nutrition!<br>>><br>>><br>><a href="http://tagline.hushmail.com/fc/Ioyw6h4eKcNNuDcIajwOYbZZQdWACkJbUkI8";>
http://tagline.hushmail.com/fc/Ioyw6h4eKcNNuDcIajwOYbZZQdWACkJbUkI8</a><br>>nivIWyB9UBaom2cr26/<br>>><br>>><br>>><br>>> -----------------------------------------------------------------<br>>-----------
<br>>> Join us on IRC: <a href="http://irc.freenode.net";>irc.freenode.net</a> #webappsec<br>>><br>>> Have a question? Search The Web Security Mailing List Archives:<br>>> <a href="http://www.webappsec.org/lists/websecurity/";>
http://www.webappsec.org/lists/websecurity/</a><br>>><br>>> Subscribe via RSS:<br>>> <a href="http://www.webappsec.org/rss/websecurity.rss";>http://www.webappsec.org/rss/websecurity.rss</a> [RSS Feed]<br>
>><br>>><br><br>--<br>Click for free info on earning your associates degrees.<br><a href="http://tagline.hushmail.com/fc/Ioyw6h4dDtItoC8AtkpFInKjdv3IKsZ2KqeiNspL5CDOHMchriOR0v/";>http://tagline.hushmail.com/fc/Ioyw6h4dDtItoC8AtkpFInKjdv3IKsZ2KqeiNspL5CDOHMchriOR0v/
</a><br><br></blockquote></div><br>
------=_Part_9481_28520384.1188575285535--
Brought to you by http://www.webappsec.org
Search this site
|