The browser version could be checked using Jscript. <script language="JScript"> alert(navigator.appCodeName+"\n"+navigator.appMinorVersion+"\n"+navigato r.appName+"\n"+navigator.appVersion+"\n"+navigator.userAgent); </script> Run script above and feel happy. Basically - you can setup the firewall to filter the user-agent like strings (Not only in headers).
-----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of nicolas vigier Sent: Monday, July 19, 2004 3:47 PM To: Ill will Cc: [EMAIL PROTECTED] Subject: Re: [Full-Disclosure] IE On Sun, 18 Jul 2004, Ill will wrote: > "user-agent contains very little _sensitive_ info" > > user agents could be used for exploits.. like redirecting the browser > to whatever exploit page by the definition of what browser is > connecting to it etc.. so it would be a good idea for some people to > conseal what type of browser is defined in the headers And you can feel safe with that ? Someone can put an exploit on a page without checking your browser before. The real solution is to use a browser with no known vulnerability (and that's better if it didn't have a lot in the past), not to try to hide what you are using. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html
