Closed
Bug 228090
Opened 21 years ago
Closed 21 years ago
Possible to hide servername in urlbar
Categories
(SeaMonkey :: Location Bar, defect)
Tracking
(Not tracked)
VERIFIED
DUPLICATE
of bug 122445
People
(Reporter: sicking, Unassigned)
This is a UI bug which tends to generate a lot of ranting and spamming. DO NOT DO THAT OR WE'LL KICK YOU OUT!

There's recently been a bug found in IE where it's possible to cut off part of the URL shown in the URL bar. This opens an exploit where the user is tricked into going to the URL:

http://www.microsoft.com%01@zapthedingbat.com/security/ex01/vun2.htm

where everything after the %01 is hidden. The user thinks he's at www.microsoft.com and feels safe to download executables or enter sensitive information such as passwords or credit card numbers.

See also http://simon.incutio.com/archive/2003/12/09/nastyBug

However, Mozilla is vulnerable to this too, though to a lesser extent. If I were to go to the above URL I would most likely think I'm at Microsoft. Especially if it has a bit more obfuscation. And if you don't believe that I would be fooled by this, you'd better believe that my mom would. People don't look at the entire URL searching for a '@' sign; rather, you just look at the beginning and feel safe after that.

I can see two ways of fixing this in Mozilla. Either we don't show the username in the URL bar (i.e. we cut away everything before the @), or we could put emphasis on the server name, such as making it bold.
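The two fixes proposed in the description, sketched as an added example (not code from Mozilla or from this bug): it parses a URL with the standard WHATWG `URL` class, reports the real host, flags userinfo that resembles a hostname or hides control bytes, and produces both the userinfo-stripped form and the parts a UI would need to embolden the server name. The function name `describeForUrlBar` and its result fields are hypothetical.

```javascript
// Added example: describeForUrlBar and its field names are hypothetical.
// Uses the WHATWG URL class (a global in Node.js and in browsers).
function describeForUrlBar(raw) {
  const u = new URL(raw);
  const userinfo = u.password ? `${u.username}:${u.password}` : u.username;

  // Decode percent-escapes so hidden bytes such as %01 become visible to checks.
  let decoded = userinfo;
  try {
    decoded = decodeURIComponent(userinfo);
  } catch {
    // Malformed escape sequence: fall back to the raw userinfo.
  }

  // Fix 1 from the report: cut away everything before the '@'.
  const strippedUrl = new URL(raw);
  strippedUrl.username = "";
  strippedUrl.password = "";

  return {
    host: u.host, // the server actually contacted
    hasUserinfo: userinfo !== "",
    userinfoHasControlChars: /[\u0000-\u001f\u007f]/.test(decoded),
    userinfoLooksLikeHost: /^[a-z0-9-]+(\.[a-z0-9-]+)+/i.test(decoded),
    stripped: strippedUrl.href,
    // Fix 2 from the report: a UI would render `host` in bold and the
    // rest normally. Returned as separate parts, not as markup.
    parts: {
      prefix: `${u.protocol}//${userinfo ? userinfo + "@" : ""}`,
      host: u.host,
      suffix: u.pathname + u.search + u.hash,
    },
  };
}

// The URL quoted in the bug description.
const sample =
  "http://www.microsoft.com%01@zapthedingbat.com/security/ex01/vun2.htm";
console.log(describeForUrlBar(sample));
```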
Comment 1•21 years ago
Isn't this a dup of bug 122445?
Reporter
Comment 2•21 years ago
*** This bug has been marked as a duplicate of 122445 ***
Status: NEW → RESOLVED
Closed: 21 years ago
Resolution: --- → DUPLICATE
Updated•16 years ago
Product: Core → SeaMonkey