Bug 233467
Opened 21 years ago
Closed 21 years ago
@ (At) Sign In URL (Web Address) Should Invoke Alert
Categories: Core :: Security, enhancement
Status: VERIFIED DUPLICATE of bug 122445
People: Reporter: qwoir, Assigned: security-bugs
Details
User-Agent:
Build Identifier: (Mozilla 1.6, which is not the browser being used to submit this report.)
The following is a realistic security concern that should be addressed: A
popular exploit these days is to send an email purporting to be from a
trustworthy entity, e.g. ebay.com, asking for funds. The URL linked in the text
is very long, starting with the name of the entity, e.g. "www.ebay.com".
However, buried in the cryptic parameter list is an "@" sign which redirects the
requests to a rogue IP. There should be an option, initially set to enabled,
which causes a security alert to pop up in the event that such a URL is
requested for fetching, especially if it is entered in the browser bar, as
opposed to embedded somewhere in the page. Granted, it might become a nuisance
if email addresses (which contain "@"s) are frequently passed in URLs. So a
checkbox for "Don't warn me again" would be useful, and also some help text in
the same dialog which tells the user where, in the labyrinth of preferences, he
can reenable the alert if desired in the future. (Perhaps some good AI could
differentiate between an email address passed as a parameter and a true
redirect. I doubt it, though.)
Reproducible: Always
Steps to Reproduce:
1. Type in "http://www.ebay.com@www.ibm.com".
Actual Results:
IBM comes up, as expected. I might as well have entered
"www.mybank.com@www.somehacker.com".
Expected Results:
Hopefully, alerted me for being so dumb as to fall for this trick. Grandma
Bessie does not know what "@" does, and needs to be warned.
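The trick in the report, as an added example that is not part of the bug or of Mozilla's code: a browser parses everything between "//" and the first "/", "?" or "#" as the authority, and an "@" inside that span separates a userinfo (login and optional password) from the real host. The code below uses the WHATWG URL parser that Node.js and current browsers ship, reports where a request would really go, and produces the kind of warning the report asks for. The sample URLs and the hostname-lookalike regex are constructed for this example; nothing is fetched.

```javascript
// Added example (not from bug 233467 or from Mozilla): resolve a URL the way
// a browser does and flag the "userinfo before @" trick described in the report.
// Uses the global WHATWG URL class (Node.js >= 10, all current browsers).

// Userinfo that looks like a hostname (e.g. "www.ebay.com") is the phishing
// case; a plain login such as "alice" is ordinary basic-auth usage. This regex
// is a heuristic chosen for the example, not a browser rule.
const HOSTNAME_LIKE = /^[a-z0-9-]+(\.[a-z0-9-]+)+$/i;

// Returns where the request would actually go and whether a warning is due.
function inspectUrl(input) {
  let url;
  try {
    url = new URL(input);            // throws TypeError on unparseable input
  } catch (err) {
    return { input, valid: false };
  }
  // The parser treats "@" as a userinfo delimiter only inside the authority
  // (between "//" and the first "/", "?" or "#"). An "@" in the query string,
  // such as an e-mail address parameter, never changes the host.
  const userinfo = url.username
    ? decodeURIComponent(url.username) +
      (url.password ? ':' + decodeURIComponent(url.password) : '')
    : '';
  return {
    input,
    valid: true,
    host: url.hostname,              // the host the browser will connect to
    userinfo,                        // what a casual reader mistakes for the host
    warn: userinfo !== '',           // the report asks for a warning on any userinfo
    spoofed: userinfo !== '' && HOSTNAME_LIKE.test(url.username),
  };
}

// Returns the text the proposed dialog would show, or null when no warning is due.
function warningFor(input) {
  const r = inspectUrl(input);
  if (!r.valid) return 'Not a valid URL: ' + input;
  if (!r.warn) return null;
  return 'This address will be fetched from "' + r.host +
         '", not from "' + r.userinfo + '".';
}

// Constructed sample inputs for a quick demonstration.
const SAMPLES = [
  'http://www.ebay.com@www.ibm.com',                 // the report's own example
  'http://www.mybank.com:pw@www.somehacker.com/',    // login and password before "@"
  'http://www.ebay.com/?email=grandma@example.com',  // "@" in the query: harmless
  'http://alice@intranet.example/',                  // plain basic-auth login
];

for (const s of SAMPLES) {
  console.log(s, '->', warningFor(s) || 'no warning');
}
```

The parser itself already makes the distinction the reporter doubted could be made: an "@" after the first "/" or "?" is never a userinfo delimiter, so an e-mail address passed as a parameter does not trigger the warning, while the `spoofed` flag singles out the case where the userinfo is dressed up as a hostname.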
*** This bug has been marked as a duplicate of 122445 ***
Group: security
Status: UNCONFIRMED → RESOLVED
Closed: 21 years ago
Resolution: --- → DUPLICATE