If you’re using Mozilla Firefox or Chromium-based browsers, specifically Google Chrome or Microsoft Edge, you’ll notice that these products currently have version numbers 97 and 98 respectively.
These version numbers are sent by default, in your browser’s `User-Agent` string, to every web page you visit, as a handy hint to say “Look who’s coming for dinner.”
In an ideal world, websites would not need a `User-Agent` header to tell them what operating system you have, what CPU it runs on, how many bits it has, what graphics system it uses, or which browser you chose.
But here on planet Earth, some websites need to know these details in order to adjust their behavior accordingly, and many websites want to know these details, because…
…because you can mine information from this data. Knowledge can be inferred from information. And knowledge, as the saying goes, is power.
What is your browser offering to you?
If you’ve never seen your browser’s headers in real life, there are two easy ways.
The first is to use your browser’s developer tools (try Ctrl-Shift-I), click on the Network tab, and then visit our website. The contents of each outgoing HTTP request, including headers, and the related HTTP responses are logged and can be reviewed at your leisure.
After loading the page, click on one of the requests, choose the Headers tab, and scroll to the request headers part.
The second fun way is to pretend to be a web server and look at the other end of the connection.
Install the Nmap toolkit from nmap.org, open a command prompt (or a shell or terminal window if you prefer that term), and use the `ncat` command to listen for incoming local network connections on port 7777.
Then type the URL `http://127.0.0.1:7777/` into your browser’s address bar to tell the browser to connect to the listening `ncat` process, which receives the HTTP request exactly as it was sent and prints the headers to the screen in the order they arrived.
Here is the current version of Firefox (97.0.1 on 2022-02-25T16:00Z) connecting to the `ncat` pseudo web server:
```
$ ncat -vv 127.0.0.1 -l 7777
Ncat: Version 7.92 ( https://nmap.org/ncat )
Ncat: Listening on 127.0.0.1:7777
Ncat: Connection from 127.0.0.1.
Ncat: Connection from 127.0.0.1:54810.
GET / HTTP/1.1
Host: 127.0.0.1:7777
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:97.0) Gecko/20100101 Firefox/97.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,*/*;q=0.8
Accept-Language: en-GB,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Connection: keep-alive
Upgrade-Insecure-Requests: 1
Sec-Fetch-Dest: document
Sec-Fetch-Mode: navigate
Sec-Fetch-Site: none
Sec-Fetch-User: ?1
```
(You have to hit Ctrl-C in the `ncat` window to close the connection. Otherwise, the browser will wait forever for an HTTP response that never comes.)
The latest version of Edge, which is based on Chromium, is one step ahead (by accident, not by design) at version 98:
```
$ ncat -vv 127.0.0.1 -l 7777
Ncat: Version 7.92 ( https://nmap.org/ncat )
Ncat: Listening on 127.0.0.1:7777
Ncat: Connection from 127.0.0.1.
Ncat: Connection from 127.0.0.1:54738.
GET / HTTP/1.1
Host: 127.0.0.1:7777
Connection: keep-alive
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="98", "Microsoft Edge";v="98"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Linux"
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/98.0.4758.102 Safari/537.36 Edg/98.0.1108.56
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
```
As you can see, there are various version numbers and other details that an interested web server can extract from those headers, including the single-digit Mozilla number (5); the three-digit AppleWebKit and Safari number (537); and the two- and four-digit components of the Edg designator (56, 1108).
With funky JavaScript menus, third-party analytics and tracker add-ons, and high-resolution images, video and audio content, how hard can it be for a modern website to make sense of a simple text string with an obvious pattern, such as the data you see in the `User-Agent` string above?
Both the Firefox and Chromium communities seem to be struggling with what to do when their respective browsers reach version 100 and the first part of the multipart version number switches from two to three digits.
Surprisingly, though thankfully very rarely, there are still websites that get confused when that changeover happens and make a millennium-bug-style mistake by failing to work out the version number at all.
In fact, some sites still make Y2K-type calendar errors by “figuring out” that numbers of 100 and above “count” as less than 99, 98, 97, or perhaps some other positive integer.
Given that the header processing is done on the server, we can only guess how it works, so it’s impossible to determine exactly what kind of bug a server with this problem has. Some servers may call a v100 browser “outdated” when what they actually mean is “a parsing problem occurred, so we’re blaming the user and sending you to the main error page”. Others might interpret the string “100” as 10, simply by truncating the end of the string to the usual two characters, or truncate it at the other end and interpret it as 00. Or they could end up with 0 as some sort of uninitialized default, meaning “an error occurred, but we didn’t notice”. Since 0 and 10 are both much smaller than 97 or 98, the server may settle for the convenient assumption that the browser hasn’t been updated in 10 years, rather than accepting that there may be a server-side bug and giving the user the benefit of the doubt.
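The failure modes guessed at above, as an added example (not code from the original article or from any real website): four hypothetical buggy server-side parsers next to a variable-length one, run against `User-Agent` values shown on this page. The function names, the `MIN_SUPPORTED` threshold and the `99.101.0.0` sample string are assumptions made for illustration.

```python
import re

# User-Agent values copied from the ncat captures on this page.
UA_FIREFOX_97 = ("Mozilla/5.0 (X11; Linux x86_64; rv:97.0) "
                 "Gecko/20100101 Firefox/97.0")
UA_EDGE_DEV_100 = ("Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 "
                   "(KHTML, like Gecko) Chrome/100.0.4867.0 Safari/537.36 "
                   "Edg/100.0.1169.1")
# Constructed sample: the "major forced into minor position" form, 99.101.0.0.
UA_FORCED_99_101 = ("Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 "
                    "(KHTML, like Gecko) Chrome/99.101.0.0 Safari/537.36")
MIN_SUPPORTED = 90  # hypothetical "your browser is too old" threshold

def _match(ua, product, pattern):
    return re.search(re.escape(product) + "/" + pattern, ua)

def major_first_two(ua, product):
    """Buggy: reads only the first two digits, so 100 becomes 10."""
    m = _match(ua, product, r"(\d{2})")
    return int(m.group(1)) if m else 0

def major_last_two(ua, product):
    """Buggy: keeps the last two digits of the major, so 100 becomes 0."""
    m = _match(ua, product, r"(\d+)")
    return int(m.group(1)[-2:]) if m else 0

def major_exactly_two(ua, product):
    """Buggy: demands exactly two digits; a failed match defaults to 0."""
    m = _match(ua, product, r"(\d{2})\.")
    return int(m.group(1)) if m else 0

def is_old_by_string(ua, product):
    """Buggy: compares digit strings, and "100" sorts before "90"."""
    m = _match(ua, product, r"(\d+)")
    return m is None or m.group(1) < str(MIN_SUPPORTED)

def version_tuple(ua, product):
    """Variable-length parse: every dotted component becomes an int."""
    m = _match(ua, product, r"(\d+(?:\.\d+)*)")
    return tuple(int(p) for p in m.group(1).split(".")) if m else None

def is_old(ua, product):
    """An unparseable version is reported as unknown (None), not as old."""
    v = version_tuple(ua, product)
    return None if v is None else v[0] < MIN_SUPPORTED
```

The forced `99.101.0.0` form still reads as major version 99 in the two-digit parsers, which is the point of the workaround described further down this page.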
Surely some mistake?
We’ve largely ignored this issue, although both Firefox and Chrome have offered experimental settings for testers since 2021 that force the browser to report a major version of 100 ahead of time.
Firefox also has a special “Compatibility” setting (visit the URL `about:compat` to see it), which has spent about 3 months putting together a list of known websites that may need to be lied to when version 100 is released.
Similarly, Chromium browsers introduced a special flag, `force-major-version-to-100` (visit `chromium://flags` or `edge://flags`), that allows testers to try version number 100 in advance.
In fact, Chromium browsers also have `force-minor-version-to-100`, so that instead of 98.0.4758.102, as seen above, you’ll get something like 98.100.4758.102 (or the odd hybrid version number 98.100.1108.56 in Edge).
That “minor version” flag was added specifically to test the viability of a third special flag, a workaround available when version 100 is released, the “In 2022, we won’t need this stupid thing” option, `force-major-version-to-minor`:
![](https://nakedsecurity.sophos.com/wp-content/uploads/sites/2/2022/02/v1h-major-in-minor.png)
We didn’t think this kind of hack would be useful or even necessary, but we had to explore this new option, if you’ll forgive my lousy puns…
…when we noticed that the release notes for the latest developer version of Microsoft Edge, which came out last night, specifically mentioned it:
Activating Chromium’s administrative policy to force the major version number into the minor position, a temporary policy that fixes the major version number at 99 in the user agent string and puts the actual version number in the minor position (e.g. the version switches from 101.0.0.0 to 99.101.0.0).
Edge-dev, also known as the developer channel version, runs one major version ahead of Edge Beta, which runs one version ahead of the Edge Stable used by most people, especially on business computers.
Edge Stable is now at 98 (see above), which means Edge-dev is already at 100, as you can see when the `ncat` listener is visited with the latest Edge-dev version:
```
$ ncat -vv -l 7777
Ncat: Version 7.92 ( https://nmap.org/ncat )
Ncat: Listening on :::7777
Ncat: Listening on 0.0.0.0:7777
Ncat: Connection from 127.0.0.1.
Ncat: Connection from 127.0.0.1:54746.
GET / HTTP/1.1
Host: 127.0.0.1:7777
Connection: keep-alive
sec-ch-ua: " Not A;Brand";v="99", "Chromium";v="100", "Microsoft Edge";v="100"
sec-ch-ua-mobile: ?0
sec-ch-ua-platform: "Linux"
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/100.0.4867.0 Safari/537.36 Edg/100.0.1169.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9
Sec-Fetch-Site: none
Sec-Fetch-Mode: navigate
Sec-Fetch-User: ?1
Sec-Fetch-Dest: document
Accept-Encoding: gzip, deflate, br
Accept-Language: en-US,en;q=0.9
```
The Edge-dev team apparently thinks there are plenty of non-Y2K-ready (sorry, non-v100-ready) websites out there, so the “alternative plan” that Chromium hatched for v100 back in December 2021 can be considered essential rather than simply useful.
What could be wrong?
The website webcompat.com, in particular, has a GitHub page where Mozilla volunteers monitor various types of incompatibilities, including web bugs related to V1H issues.
(We called this the V1H bug. We use H to denote hecto-, from the Greek for 100, as in hectopascals, or hPa, used as the standard unit for barometric pressure, or hectare, which represents an area of 100m x 100m, mirroring how Y2K used K for kilo-, which means 1000.)
We installed Edge-dev and tried one of the sites recently reported on the Webcompat V1H list, daimler.com.
It redirected us to a Mercedes-Benz page that decided our three-digit browser version was an old version, not a new one.
On Edge Stable, now at v98, the site worked fine, and the Mercedes-Benz redirect showed a page announcing that Daimler AG changed its name to Mercedes-Benz Group AG at the beginning of this month.
Ironically, the daimler.com site didn’t get any better when we enabled the `force-major-version-to-minor` option, making the browser look like v99 with a minor identifier of 100. Apparently, the minor version number wasn’t understood either.
What should I do?
- If you are a web user, the changeover will probably be like Y2K: most sites will work fine, and many sites will never have had this as a potential bug. However, if you have problems with a site you need to reach, you should at least know that browser makers have workarounds that can help you.
- If you are a web programmer, this kind of thing really shouldn’t be a problem for you. After all, if you can’t understand a three-digit version number, how will you convince your visitors that you can reliably handle other variable-length data such as payment amounts, credit card details, postal codes, and other personal information?
There are still a few weeks left before the general public starts visiting with Chrome 100, Edge 100, or Firefox 100, so test your own web properties before it’s too late.
Now you know how!