• We’re currently investigating an issue related to the forum theme and styling that is impacting page layout and visual formatting. The problem has been identified, and we are actively working on a resolution. There is no impact to user data or functionality, this is strictly a front-end display issue. We’ll post an update once the fix has been deployed. Thanks for your patience while we get this sorted.

Important IE update

As much as I like Firebird and think people should use it, don't do it this way.

1. You're intentionally exploiting an IE vulnerability
2. You're misleading people and simply come across as a troll, which will not create converts to the cause.
 
It exploits the bad URL processing and makes zcat.wired.net.nz/details.aspx look like it's msie.microsoft.com.

I think it's funny, because it's extremely simple to hide the real URL from people and make them think they're browsing one site when they're really not, kinda scarey if you think about it.
 
Originally posted by: Nothinman
It exploits the bad URL processing and makes zcat.wired.net.nz/details.aspx look like it's msie.microsoft.com.

I think it's funny, because it's extremely simple to hide the real URL from people and make them think they're browsing one site when they're really not, kinda scarey if you think about it.
Click to expand...

...and if you view the source, the whole page is in a non-standard "conditional comment", so it isn't really supposed to show anything anyway 😉.
 
Yeah I gathered that much, I just thought the page that it loaded did something nasty (other than mention mozilla, which I saw in the source).

That's interesting though, the %00 in the url tricked firebird into terminating the string right there, so in the status bar I saw "msie.microsoft.com" with a weird character after it (the %01 I suppose), but not the @ or the real domain after it. Mozilla bug. 😉
 
...and if you view the source, the whole page is in a non-standard "conditional comment", so it isn't really supposed to show anything anyway .
Click to expand...

Using Galeon it worked properly, I saw nothing.

That's interesting though, the %00 in the url tricked firebird into terminating the string right there, so in the status bar I saw "msie.microsoft.com" with a weird character after it (the %01 I suppose), but not the @ or the real domain after it. Mozilla bug
Click to expand...

Firebird bug, in Galeon it all looked as I think it should.
 
Originally posted by: BingBongWongFooey
Yeah I gathered that much, I just thought the page that it loaded did something nasty (other than mention mozilla, which I saw in the source).

That's interesting though, the %00 in the url tricked firebird into terminating the string right there, so in the status bar I saw "msie.microsoft.com" with a weird character after it (the %01 I suppose), but not the @ or the real domain after it. Mozilla bug. 😉
Click to expand...

Yup. The exploit has partial effectiveness on Mozilla browsers as well, although it is supposed to have been fixed in more recent builds.
 
Originally posted by: ClueLis
Originally posted by: BingBongWongFooey
Yeah I gathered that much, I just thought the page that it loaded did something nasty (other than mention mozilla, which I saw in the source).

That's interesting though, the %00 in the url tricked firebird into terminating the string right there, so in the status bar I saw "msie.microsoft.com" with a weird character after it (the %01 I suppose), but not the @ or the real domain after it. Mozilla bug. 😉
Click to expand...

Yup. The exploit has partial effectiveness on Mozilla browsers as well, although it is supposed to have been fixed in more recent builds.
Click to expand...

Yeah, my ~12/10 moz build showed the partial string in the status bar, but my 1/16 build shows the full string (I didn't try any between those 2). Try quoting my post though... move the cursor around... the behavior is slightly off because of the null.
 
You must log in or register to reply here.

TRENDING THREADS

Back
Top