This is a UI bug, which tends to generate a lot of ranting and spamming. DO NOT DO THAT OR WE'LL KICK YOU OUT!

There's recently been a bug found in IE where it's possible to cut off part of the URL shown in the URL bar. This opens an exploit where the user is tricked into going to the URL: http://firstname.lastname@example.org/security/ex01/vun2.htm where everything after the %01 is hidden. The user thinks he's at www.microsoft.com and feels safe to download executables or enter sensitive information such as passwords or credit card numbers. See also http://simon.incutio.com/archive/2003/12/09/nastyBug

However, Mozilla is vulnerable to this too, though to a lesser extent. If I were to go to the above URL I would most likely think I'm at Microsoft. Especially if it has a bit more obfuscation. And if you don't believe that I would be fooled by this, you better believe that my mom would. People don't look at the entire URL searching for a '@' sign; rather, you just look at the beginning and feel safe after that.

I can see two ways of fixing this in Mozilla. Either we don't show the username in the URL bar (i.e. we cut away everything before the @), or we could put emphasis on the server name, such as making it bold.
Isn't this a dup of bug 122445?
*** This bug has been marked as a duplicate of 122445 ***
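The two fixes proposed in the report above (hide the username, or emphasise the server name) can be sketched as follows. This is an added example, not Mozilla's code; the function name, warning labels and sample URL are constructed for illustration.

```javascript
// Added example: the function name, warning labels and sample URL are constructed.
const HIERARCHICAL = new Set(["http:", "https:", "ftp:"]);

function analyzeUrlForDisplay(raw) {
  // WHATWG parser: the host is whatever follows the last '@' in the authority.
  const u = new URL(raw);
  if (!HIERARCHICAL.has(u.protocol)) {
    throw new TypeError(`unsupported scheme: ${u.protocol}`);
  }

  const userinfo = u.password ? `${u.username}:${u.password}` : u.username;
  const warnings = [];
  if (userinfo) {
    warnings.push("userinfo-present");
    let decoded;
    try {
      decoded = decodeURIComponent(userinfo);
    } catch {
      decoded = userinfo; // malformed escape: inspect the raw text instead
    }
    // Control characters (such as the %01 in the report) can truncate or
    // confuse what a URL bar renders.
    if (/[\x00-\x1f\x7f]/.test(decoded)) {
      warnings.push("control-char-in-userinfo");
    }
    // A username shaped like a domain name is what makes the reader
    // believe they are on a different site.
    if (/^[a-z0-9-]+(\.[a-z0-9-]+)+/i.test(decoded)) {
      warnings.push("userinfo-looks-like-hostname");
    }
  }

  // Fix 1: never show userinfo; rebuild the string from the parsed parts.
  const display = `${u.protocol}//${u.host}${u.pathname}${u.search}${u.hash}`;

  // Fix 2: report the character range of the real host so a UI can bold it.
  const hostStart = u.protocol.length + 2;
  const emphasis = [hostStart, hostStart + u.host.length];

  return { display, host: u.host, emphasis, warnings };
}

// Constructed sample in the shape described in the report.
const SAMPLE = "http://www.bank.example%01@attacker.example/security/page.htm";
console.log(analyzeUrlForDisplay(SAMPLE));
```
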