What type of script is this?
What type of script is this?
I found this short animation that plays on this page: http://blog.avast.com/2009/12/10/100-million-users/ (The clip about the 100 millionth user). This plays even when no scripts are running. Could anyone use this type of script for more mischievous purposes?? Or what type of script is it that no script doesn't block? Or am I mistaken and this is not even any type of script?
Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:1.9.1.6) Gecko/20091201 Firefox/3.5.6
Re: What type of script is this?
Not a "clip".
It's an animated gif. Just like this .
So whatever exploits that may exist against a gif render-er, I guess could be exploited.
It's an animated gif. Just like this .
So whatever exploits that may exist against a gif render-er, I guess could be exploited.
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.19) Gecko/20110420 SeaMonkey/2.0.14 Pinball NoScript FlashGot AdblockPlus
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.1.6) Gecko/20091206 SeaMonkey/2.0.1
- Giorgio Maone
- Site Admin
- Posts: 9454
- Joined: Wed Mar 18, 2009 11:22 pm
- Location: Palermo - Italy
- Contact:
Re: What type of script is this?
We should add that you can't do anything about it, short than disabling image display.therube wrote:So whatever exploits that may exist against a gif render-er, I guess could be exploited.
On the other hand, Jpeg, GIF and PNG decoders are relatively simple and tested enough today to make a viable exploit very unlikely, especially if compared to how easy is mounting an attack against Javascript or plugins.
Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.9.1.6) Gecko/20091201 Firefox/3.5.6 (.NET CLR 3.5.30729)
Re: What type of script is this?
@ Giorgio: I have image.animation_mode set to "none". The Avast photos remain still images, as do all others. "Assuming" that an exploit were possible, would this prevent it, or are you saying that the exploit would be in one or more of the still images themselves, rather than in the animator?Giorgio Maone wrote:We should add that you can't do anything about it, short than disabling image display.therube wrote:So whatever exploits that may exist against a gif render-er, I guess could be exploited.
On the other hand, Jpeg, GIF and PNG decoders are relatively simple and tested enough today to make a viable exploit very unlikely, especially if compared to how easy is mounting an attack against Javascript or plugins.
I also have browser.blink_allowed set to "false".
Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.1.20) Gecko/20081217 Firefox/2.0.0.20