Sla.ckers.org

Results 1 - 8 of 8
6 years ago
dveditz
You're very wise to worry. Here's some docs: http://developer.mozilla.org/en/docs/XPConnect_wrappers http://developer.mozilla.org/en/docs/XPCNativeWrapper Due to the downside of XPCNativeWrappers mentioned by ma1 of not being able to reach js properties you may see code examples that use "wrappedJSObject" -- very dangerous, that's explicitly bypassing the protections mentioned above
Forum: CSRF and Session Info
6 years ago
dveditz
Which it should, because hotmail is the host. The part before the '@' sign is the optional user:pass info.
Forum: Bugs
7 years ago
dveditz
BK Wrote:
-------------------------------------------------------
> I've informed Mozilla security... they say it’s a
> feature and "bad behavior" on IE’s part...

I never said it was a feature, I said we were "working on protecting users from this on our end for a future security update." I do think IE should escape quotes in URLs (RFC 1738 considers them an
Forum: Full Disclosure
8 years ago
dveditz
> The real question is why would they bother coding this into browsers at all?

It's standard inet_addr(), it's happening below the browsers.
http://www.opengroup.org/onlinepubs/007908799/xns/inet_addr.html
http://msdn.microsoft.com/library/default.asp?url=/library/en-us/winsock/winsock/inet_addr_2.asp
Forum: News and Links
8 years ago
dveditz
maluc: it downloads a diff. The client sends a url that includes arguments like "version=goog-white-domain:1:16" ("I have version 1.16") and the host responds with something like

+myspace.com 1

The next time the client sends version "1.17" for that list and gets back nothing, until the list is updated on the server. You can play with the link in jungsonn's ori
Forum: News and Links
8 years ago
dveditz
IETab uses the IE browser component the way other apps (TurboTax, Quicken, AIM, etc.) embed IE. It's not going to pick up anything that's part of the IE *application* built on that browser core -- there's no IE UI involved. I personally think IEView (launch separate IE window) is a safer way to go, though more cumbersome. The reason Google uses http is to avoid melting their servers. Don't know
Forum: News and Links
8 years ago
dveditz
The data file is downloaded over http, but first a key is gotten via https. It's tricky stuff and you're welcome to poke holes, but it's not as simple as just pwning a GET request http://lxr.mozilla.org/mozilla/source/toolkit/components/url-classifier/content/url-crypto-key-manager.js#38
Forum: News and Links
8 years ago
dveditz
The www.mozilla.com and doctor.mozilla.org ones appear to have been fixed last night.
Forum: Full Disclosure