Closed
Bug 573289
Opened 14 years ago
Closed 13 years ago
Mouse over URL reports the displayed URL not the Actual URL
Categories
(Thunderbird :: Message Reader UI, defect)
Tracking
(Not tracked)
RESOLVED
WORKSFORME
People
(Reporter: timhill, Unassigned)
Details
(Keywords: testcase)
Attachments
(2 files)
Screen shot of problem URL - Moused over and showing URL in status bar
User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.10) Gecko/20100512 Thunderbird/3.0.5
Upon receiving a Phishing email attempting to gain details of an account I noticed that the URL displayed in the message window status bar was the same as the URL displayed in the email when viewed on windows 7. The same email in Thunderbird 3.0.5 on OSX 10.6.4 displayed the actual URL correctly.
I have noticed other differences in the display of these emails between the OSX version and the Windows 7 Version.
This to me is a very dangerous bug as it breaks the safest method of spotting a phishing attempt.
Also - On OSX, Thunderbird correctly identifies the attempted Phish while on windows 7 - there is no indication that this is not a legitimate email beyond the traditionally horrific grammar.
Reproducible: Always
Steps to Reproduce:
1.Wait for Phishing email to land
2.Mouse of contained URL's and check what URL is seen in the status bar
3.Copare this between Windows 7 and OSX
Actual Results:
On windows 7 - the latest email I recieved contains the URL https://www.battle.net/account/support/login-support.xml
The status bar shows the same URL when I mouse over the link
On OSX using the same email, mousing over the same URL the status bar correctly shows the link http://www.account-info-status.net/account/support/login-support.htm
Expected Results:
I would expect that Thunderbird would be have consistently and show the actual URL in the status bar on both Operating systems and defiantly never be spoofed into showing the falsified URL
I have run several scans on the Windows 7 system to attempt to confirm there is no other malicious software running on the system
I am running the default theme on both systems
I consider this a major issue as it effects the security of users running on windows 7 and their ability to steer clear of phishing and mal-ware sites
This screen shot shows the latest phishing email received The screen shot was taken while moused over the email displayed in a window on windows 7 - showing the URL displaying below. I have yet to figure out how to achieve a screen shot showing the mouseover on OSX ....
|
||
Comment 2•14 years ago
|
||
Can you save the message as a .eml file and attach it to this bug please?
|
||
Comment 4•14 years ago
|
||
Tim, do you see this if you use version 3.1 - recently released. testcase WFM on vista enterprise Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:2.0b2pre) Gecko/20100701 Shredder/3.2a1pre
Version: unspecified → 3.0
Hi
I just updated now thanks
This does appear to have cleared the problems I saw - Mouse-over now shows the Actual URL in the email example I included for you.
Thanks
Tim|
|
||
Comment 6•13 years ago
|
||
Thanks Tim. => WFM
Status: UNCONFIRMED → RESOLVED
Closed: 13 years ago
Resolution: --- → WORKSFORME
You need to log in
before you can comment on or make changes to this bug.
Description
•