bug 114 - border dashing and rounding not an option in Firefox

Issue: #114
Affects: Firefox 2.x
Fixed in: Firefox 3 (Beta 3)

Rounded corners make simple boxes look so much more appealing on the Web. CSS3 defines the border-radius CSS property, but of course Firefox, Safari and others implemented their own versions long ago before CSS3 was finalized.

In Firefox, specifying "-moz-border-radius: 5px;" for a block element will give a nice gentle curved corner to any box.

However, if your border is more than 1 (one) pixel in width, and you have it set to dashed, or dotted (e.g. not solid), then Firefox will not show the dashed/dotted pattern, but instead show a solid line.

The good news is that Firefox 3 (currently in Beta) appears to have fixed this issue.

Example:

<style type="text/css">
  div.fancy {
    border: 2px dashed #000066;
    -moz-border-radius: 5px;
  }
</style>
<div class="fancy">
This box should have a:<br/> dark blue<br/> 2 pixel<br/> dashed border<br/> with 5 pixel radius<br/> rounded corners.
</div>

This box should have a:
dark blue
2 pixel
dashed border
with 5 pixel radius
rounded corners.

Known Workarounds: None.

Related Issues: None.

Bug/Site Feedback |
Submit a bug

bug 169 - browsers parse 10 digit numbers as IP addresses

Issue: #169
Affects: IE6, IE7, Firefox
Status: [By Design]

At first this appears to be a "feature", but when the consequences of this bug are thought through, it is just one more vector of attack for unwitting surfers to fall prey to.

If you click on the following link (the href is the same as the text you see), it will take you to a web site!

http://1208929639/

Looks familiar?

The trick is, an "evil" site will look just the same:
http://3493960174/

First off, what are these urls? Well, if you take the IPv4 address of any domain, and convert each octet to hex, concatenate the hex value, then convert back to decimal, you'll get a 10 digit number.

As it turns out, IE & Firefox will handle this 10 digit number, resolve the IP Address, and navigate to it.

e.g. This blog post can be accessed by this URL (only in IE!)
bug 169 - browsers parses 10 digit decimal numbers as IP addresses


What this means, is that phishing scams, and any site that wants to lure you into downloading malicious software, now has yet another way to do so. It also means that any spam filtering software, or blacklisting software needs to handle roughly double the ammount of URLs in order to protect users!

(currently running tests on various browsers to determine the number affected)

Example:

  //tracert www.youtube.com
  // => 208.65.153.238
  // => Hex
  // D0.41.99.EE
  // D04199EE => Decimal
  // => 3493960174
  //<a href="http://3493960174/watch?v=qItugh-fFgg">Fake Label</a>

Try it here:
Best game ever!

Known Workarounds:
No workaround required. This feature is by design and does not realistically increase the attack surface.

Related Issues: None.

bug 317 - onload doesn't work everywhere

Issue: #317
Affects: Firefox, IE6, IE7, Opera, Safari

According to the JavaScript documentation, the onload event can be handled for the body, iframe, img, frameset & object tags. However not all browsers obey this the same.

Supports iframe onload:
Firefox - Yes
IE6, IE7 - Yes
Opera - Yes
Safari - No

Supports object onload:
Firefox - No
IE6, IE7 - No
Opera - No
Safari - Yes

So, take this into consideration if you are planning to use object versus an iframe in your next project.

Known Workarounds: None.

Related Issues: None.

Modern Browsers

Modern Browsers: I expect this to be a moving target, but as of mid-2007 I would only qualify the following as "Modern Browsers". You should expect to see little support, and very few features for browsers not listed here. If your Web Browser is not listed here, it IS time to upgrade.

• Mozilla
  
  
  
  • Mozilla
  
  
  • Firefox 1.5* | 2.0 | (3.0*)
  
  
  • Camino 1.5
  
  
  • Epiphany 2.2
  
  
  
  


• Opera 8.0 | 9.0 | 9.5


• Safari 3.0 | 3.1 (Mac or Windows)


• Konqueror 3.5 | 4.0


• Netscape 7.0 | 8.0 | 9.0


• Internet Explorer 7.0 | (8.0*)

*IE8 was just announced, in theory it should be a better version than IE7, however there has been no information about it so far, so it is too early to tell)

*Firefox 3.0 is now in its third public beta release (beta 345RC1RC2RC3) and is very near a full release (Will be available Tuesday June 17th, 2008). You can download the betaRC (Release Candidate) in your choice of 30+ languages for Windows, Mac or Linux here. Note: This is still a beta release, and as such a few bugs along the way should be expected.

*Firefox 1.5 is a modern web browser for sure, but with the fast pace of Firefox development, full support for this version has already moved on. If you are using Firefox 1.5 we strongly suggest you upgrade to Firefox 2.x or, if 3.x when it is available.