Closed Bug 228185 Opened 19 years ago Closed 19 years ago

Mozilla does not present the correct link-target in the status-bar on specially crafted urls

Tracking

(Not tracked)

Status:

VERIFIED DUPLICATE of bug 228176

People

(Reporter: hhg, Unassigned)

References

(
URL
)

Details

Håvard Husevåg Garnes

Reporter

Description

•

19 years ago

User-Agent:       Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.5) Gecko/20031015
Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.5) Gecko/20031015

Like reported on Slashdot today, as an IE-vulerability, Mozilla is not totaly
unaffected by this vulerability. When the @ is preceded by a %01, the status-bar
presents the link-target false on mouse-hover, as www.yahoo.com with a
diamond-sign after the url. Check the URL for example.
http://www.yahoo.com%01@www.0wnz0red.com/0wn-j00.html

Reproducible: Always

Steps to Reproduce:
1. Go to http://www.secunia.com/internet_explorer_address_bar_spoofing_test/
2. Hover mouse over the link
3. Observe the status-bar say the link points to www.microsoft.com&#164;



Expected Results:  
Show the link target correctly.

Jo Hermans

Comment 1

•

19 years ago

another one ?

*** This bug has been marked as a duplicate of 228176 ***

Status: UNCONFIRMED → RESOLVED

Closed: 19 years ago

Resolution: --- → DUPLICATE

benc

Comment 2

•

19 years ago

-> XP apps
VERIFIED/dupe.

Status: RESOLVED → VERIFIED

Component: Layout: Fonts and Text → XP Apps

Myk Melez [:myk] [@mykmelez]

Updated

•

18 years ago

Product: Core → Mozilla Application Suite

You need to log in before you can comment on or make changes to this bug.

Bugzilla

Mozilla does not present the correct link-target in the status-bar on specially crafted urls

Categories

(SeaMonkey :: UI Design, defect)

Tracking

(Not tracked)

People

(Reporter: hhg, Unassigned)

References

(
URL
)

Details

Crash Data

Security

(public)

User Story

Description

Comment 1

Comment 2

Updated