Firefox weird referrer problem
I typed this up last night but forgot to post it: Before I start this thread - I can't reproduce this on any Firefox instance I have access to, so I'm asking for help from people with Firefox handy for...
View ArticleRe: Firefox weird referrer problem
I was able to reproduce it with firefox 2.0.0.11 (many extensions installed), but not with firefox 3 beta 2 (no extensions installed).
View ArticleRe: Firefox weird referrer problem
276.331.422.841 - - [30/Jan/2008:12:10:49 -0800] "GET /templates/siteground25/css/template_css.css HTTP/1.1" 200 8043 "http://ww.netomix.com/" "Moz illa/5.0 (Windows; U; Windows NT 5.1; en-US;...
View ArticleRe: Firefox weird referrer problem
Weird... okay, so what plugins do we all have? Here's mine on the only machine I could produce it on: Adblockplus (Easylist subscription) Auto Copy Chrome list CustomizeGoogle (lots of customizations...
View ArticleRe: Firefox weird referrer problem
My settings presently are: Adblock Plus (highly customized list of sites) Add N Edit Cookies Chatzilla Chrome List CookieCuller DOM Inspector Firebug Flashblock (turned off) FoxyProxy (turned off)...
View ArticleRe: Firefox weird referrer problem
DOM Inspector Download Status Bar Google Toolbar Talkback
View ArticleRe: Firefox weird referrer problem
I don't think it's related to extensions. I can reproduce with firefox 2.0.0.11 with no plugins installed (I created a new profile). [31/Jan/2008:20:37:22 -0700] "GET...
View ArticleRe: Firefox weird referrer problem
Looks like a recursion issue: http://lxr.mozilla.org/mozilla1.8.0/source/netwerk/base/src/nsURLParsers.cpp#497 wild guess though.
View ArticleRe: Firefox weird referrer problem
In any case: we now have a big problem: hxxps://www.gmail.com%C0%AF%C0%AF%C0%C0%80@roguehost.com which can be used to trick Firefox users to authenticate ssl on a rogue host. look mom! it has ssl it's...
View ArticleRe: Firefox weird referrer problem
@thornmaker - I tried three different machines with three different setups and all three failed to give me the result, so I'm really unsure of why one would work and the others wouldn't. I tried to...
View ArticleRe: Firefox weird referrer problem
That's actually pretty interesting, and I can reproduce it as well by visiting http://:foo@p42.us/ and seeing firefox send http://s/ Have you tried simply disabling or uninstalling extensions until you...
View ArticleRe: Firefox weird referrer problem
@RSnake try E-gold that one allows wildcards: hxxps://www.gmail.com%C0%AF%C0%AF%C0%C0%80@foo.e-gold.com It first fetches the certificate form e-gold which it should never do, I can see multiple ways in...
View ArticleRe: Firefox weird referrer problem
Another issue: we can also abuse domain name guessing: www.gmail.com%C0%AF%C0%AF%C0%C0%80@hotmail which lands on hotmail, or any other service.
View ArticleRe: Firefox weird referrer problem
Which it should, because hotmail is the host. The part before the '@' sign is the optional user:pass info.
View ArticleRe: Firefox weird referrer problem
@Ronald: the e-gold example still alerts me that this may be a user name trick (along with a ssl domain name mismatch warning). the hotmail example however worked without any alerts @all: could the web...
View ArticleRe: Firefox weird referrer problem
@thornmaker: It's probably not the web server, seeing as I see Firefox _sending_ the wrong referer, rather than Apache just recording the wrong referer.
View ArticleRe: Firefox weird referrer problem
@dveditz great, why does opera give me a warning (even without .com), while firefox doesn't? that puzzled me.
View ArticleRe: Firefox weird referrer problem
@thornmaker yeah that is true, but it first fetches the certificates, which might cause issues. There are a couple of certificate mis-match browser issues in the past that allow different hosts to...
View ArticleRe: Firefox weird referrer problem
Okay, bizarre - now I can't reproduce it at all... Gah! This is really frustrating. I have no idea what I changed (I don't think I changed anything). The only thing I can think of is that I switched...
View ArticleRe: Firefox weird referrer problem
I setup a live log viewer/grepper that filters for one of the embedded images on the homepage of my site, h++p://p42.us/. You can access the log file at h++p://p42.us/kubrick.txt . I'll leave it up for...
View Article
