(from Bug 1255570 comment #0) > Created attachment 8729168 [details] > testcase.html > > User Agent: Mozilla/5.0 (Windows NT 6.3) AppleWebKit/537.36 (KHTML, like > Gecko) Chrome/49.0.2623.87 Safari/537.36 > > Steps to reproduce: > > Combination of data URI, Unicode characters and frames. > Spoof is not perfect but good enough to easily fool your mom and dad. > At least it worked with mine :) > > Follow link in testcase file for a simple demo. > > > > Actual results: > > Browser navigates to arbitrary website but URL bar shows > https://secure.paypal.com/ > > > Expected results: > > At the very least misleading Unicode characters should be detected/escaped > and/or a big warning should be displayed. > > Note: I'm submitting a similar report to Chromium.
Comment on attachment 8747270 [details] [diff] [review] Patch for SeaMonkey V1 [Triage Comment] r=me a=me for whichever branches need it.
Status: ASSIGNED → RESOLVED
Closed: 5 years ago
Resolution: --- → FIXED
Whiteboard: tracking-seamonkey2.45+ status-seamonkey2.45+
Target Milestone: --- → seamonkey2.46
You need to log in before you can comment on or make changes to this bug.