Closed Bug 1310704 Opened 8 years ago Closed 8 years ago

status bar spoofing

Categories

(Firefox :: Untriaged, defect)

Product:
Firefox
Component:
Untriaged
Version:
49 Branch
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED DUPLICATE of bug 1310432

People

(Reporter: cs.anurag.jain, Unassigned)

Details

Attachments

(1 file)

a.html
120 bytes, text/html
Details
Attached file a.html 
User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/53.0.2785.143 Safari/537.36

Steps to reproduce:

1) Open the attached a.html
<a id="myLink" onfocus="document.getElementById('myLink').href ='http://abcd.com'" href="http://google.com">Click Me</a>
2) Place your cursor on link "Click Me"
3) On status bar you will see it will goto google.com
4) Click on it and it will move to abcd.com instead


Actual results:

Clicking on the link navigate user to an unexpected website link. User trusting status bar would be spoofed


Expected results:

User should always be shown the correct url where they would be navigated.
Please stop reporting duplicates of this bug. If this is some kind of group/class project, please tell your instructor to stop abusing a public bugtracker and use landfill.mozilla.org instead.
Group: firefox-core-security
Status: UNCONFIRMED → RESOLVED
Closed: 8 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: