Bug 379721: Phishing warning, found an easy way to hide a fake url
Status: RESOLVED DUPLICATE of bug 304905
Opened 17 years ago, closed 17 years ago
Categories: Firefox :: Security, defect
People: Reporter: bezet, Unassigned
Keywords: testcase
Attachments: 1 file (159 bytes, text/html)

Description
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; pl; rv:1.8.1.3) Gecko/20070309 Firefox/2.0.0.3
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; pl; rv:1.8.1.3) Gecko/20070309 Firefox/2.0.0.3

This is my first time posting a bug, so I may do some things wrong. Anyway, I found an easy way to hide a fake URL in an address. Check out the example: http://venatios.pl/bug.htm

The link looks fine; when you move the mouse cursor over the link you can see 'http://firefox.com' in the status bar, so it looks 'real'. But in fact, the link is http://%c2%8cfirefox.com/. However, the domain name is incorrect, but you can hide other addresses, like http://en.wikipedia.org/wiki/%c2%8cFirefox. What is interesting is that at Wikipedia the header will be shown as Firefox.

I don't know if this is serious, but maybe Firefox should output the URL in the status bar with the %c2%8c or other special characters?

Reproducible: Always

Steps to Reproduce:
1. Create a link with some special character, like %c2%8c
2. The link in the status bar will be shown without the character

Actual Results:
The link at the status bar is fake.
Comment 1•17 years ago
With my 2.0.0.4pre build I see the status bar display "http://firefox.com" but with trunk it displays "http:// firefox.com" (Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.9a5pre) Gecko/20070504 Minefield/3.0a5pre ID:2007050405 [cairo])
Updated•17 years ago
Component: General → Security
QA Contact: general → firefox
Version: unspecified → 2.0 Branch
Comment 2•17 years ago
Comment 3•17 years ago (Reporter)
However, let's talk about the Wikipedia case: It is possible to create fake sites on Wikipedia like http://en.wikipedia.org/wiki/User:%c2%8cSomething or http://en.wikipedia.org/wiki/Wikipedia:%c2%8cAbout. The status bar shows the fake link and even the header is the same. Only the URL is different (if noticed).
Updated•17 years ago
Status: UNCONFIRMED → RESOLVED
Closed: 17 years ago
Resolution: --- → DUPLICATE
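
Added example, not part of the original bug report or Firefox's code: a Python check that percent-decodes each URL component, reports invisible code points such as the U+008C encoded as %c2%8c in the links above, and builds a display string that keeps them percent-escaped, as the reporter suggests. The function names and the set of categories treated as invisible are assumptions made for this illustration.

```python
import unicodedata
from urllib.parse import unquote, urlsplit

# Assumption for this example: general categories treated as "invisible".
# Cc = C0/C1 controls (U+008C is one), Cf = format characters (zero-width,
# bidi controls), Zl/Zp = line and paragraph separators.
INVISIBLE = {"Cc", "Cf", "Zl", "Zp"}


def hidden_chars(url):
    """List (component, index, code point, category) for every invisible
    character found after percent-decoding each URL component."""
    parts = urlsplit(url)
    components = (
        ("authority", parts.netloc),
        ("path", parts.path),
        ("query", parts.query),
        ("fragment", parts.fragment),
    )
    findings = []
    for name, raw in components:
        decoded = unquote(raw, encoding="utf-8", errors="replace")
        for index, ch in enumerate(decoded):
            category = unicodedata.category(ch)
            if category in INVISIBLE:
                findings.append((name, index, f"U+{ord(ch):04X}", category))
    return findings


def display_form(url):
    """Decode the URL for display, but keep invisible characters as
    percent-escaped UTF-8 so the reader can see they are there."""
    decoded = unquote(url, encoding="utf-8", errors="replace")
    out = []
    for ch in decoded:
        if unicodedata.category(ch) in INVISIBLE:
            out.append("".join(f"%{b:02X}" for b in ch.encode("utf-8")))
        else:
            out.append(ch)
    return "".join(out)


if __name__ == "__main__":
    # The two URLs given in the report.
    for url in ("http://%c2%8cfirefox.com/",
                "http://en.wikipedia.org/wiki/%c2%8cFirefox"):
        print(display_form(url), hidden_chars(url))
```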