mouse hole as a temporary patcher?
zimba-tm
zimba.tm at gmail.com
Thu Dec 8 09:01:40 EST 2005
Hi David,
mouseHole allows you to filter any incoming html data. So yes it's possible.But you'll have to make sure that every javascript expression fordocument.title is filtered.
I guess making a simple check for document.title is good enough, butyour script won't work in other cases. By assigning document to a dvariable for example, or hiding the nasty javascript in abase64-encoded-string.
At last, the more secure alternative is to allow javascript only onwebsites you know.
On 08/12/05, David Curran <david.curran at gmail.com> wrote:> Hello.> Can mousehole prevent particular JavaScript from ever being loaded by the> browser?> On Windows the POC code given on> http://packetstormsecurity.org/0512-exploits/firefox-1.5-buffer-overflow.txt> will fill up your history.dat file making firefox unusable.> Greasemonkey cannot be used to plug this hole because all JavaScript is> loaded before it monkeys around with it.> Is it possible to replace any document.title with length greater then say> 200 using mousehole?> Sorry if this question is idiotic, I just fell into mouse hole through a> hole in greasemonkey.> Regards> David>>>>> _______________________________________________> Mousehole-scripters mailing list> Mousehole-scripters at rubyforge.org> http://rubyforge.org/mailman/listinfo/mousehole-scripters>>>
--Cheers, zimba
http://zimba.oree.ch
More information about the Mousehole-scripters
mailing list