Closed Bug 228185 Opened 19 years ago Closed 19 years ago

Mozilla does not present the correct link-target in the status-bar on specially crafted urls

Categories

(SeaMonkey :: UI Design, defect)

x86
Linux
defect
Not set
major

Tracking

(Not tracked)

VERIFIED DUPLICATE of bug 228176

People

(Reporter: hhg, Unassigned)

References

()

Details

User-Agent:       Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.5) Gecko/20031015
Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.5) Gecko/20031015

Like reported on Slashdot today, as an IE-vulerability, Mozilla is not totaly
unaffected by this vulerability. When the @ is preceded by a %01, the status-bar
presents the link-target false on mouse-hover, as www.yahoo.com with a
diamond-sign after the url. Check the URL for example.
http://www.yahoo.com%01@www.0wnz0red.com/0wn-j00.html

Reproducible: Always

Steps to Reproduce:
1. Go to http://www.secunia.com/internet_explorer_address_bar_spoofing_test/
2. Hover mouse over the link
3. Observe the status-bar say the link points to www.microsoft.com¤



Expected Results:  
Show the link target correctly.
another one ?

*** This bug has been marked as a duplicate of 228176 ***
Status: UNCONFIRMED → RESOLVED
Closed: 19 years ago
Resolution: --- → DUPLICATE
-> XP apps
VERIFIED/dupe.
Status: RESOLVED → VERIFIED
Component: Layout: Fonts and Text → XP Apps
Product: Core → Mozilla Application Suite
You need to log in before you can comment on or make changes to this bug.