Closed Bug 228185 Opened 19 years ago Closed 19 years ago
Mozilla does not present the correct link-target in the status-bar on specially crafted urls
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.5) Gecko/20031015 Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.5) Gecko/20031015 Like reported on Slashdot today, as an IE-vulerability, Mozilla is not totaly unaffected by this vulerability. When the @ is preceded by a %01, the status-bar presents the link-target false on mouse-hover, as www.yahoo.com with a diamond-sign after the url. Check the URL for example. http://email@example.com/0wn-j00.html Reproducible: Always Steps to Reproduce: 1. Go to http://www.secunia.com/internet_explorer_address_bar_spoofing_test/ 2. Hover mouse over the link 3. Observe the status-bar say the link points to www.microsoft.com¤ Expected Results: Show the link target correctly.
another one ? *** This bug has been marked as a duplicate of 228176 ***
Status: UNCONFIRMED → RESOLVED
Closed: 19 years ago
Resolution: --- → DUPLICATE
-> XP apps VERIFIED/dupe.
Status: RESOLVED → VERIFIED
Component: Layout: Fonts and Text → XP Apps
You need to log in before you can comment on or make changes to this bug.