User-Agent: Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.6b) Gecko/20031208 Camino/0.7+ Build Identifier: Mozilla/5.0 (Macintosh; U; PPC Mac OS X Mach-O; en-US; rv:1.6b) Gecko/20031208 Camino/0.7+ News Services are publishing info about a new Internet Explorer Browser exploit. This exploit allows a webpage to show a link to a site and when the user mouse over the website, it shows a falsified web site domain name, not the page it is going to take you to if you click on it. So someone could go out and create a website that looks like, for example, Citibank and send mass e-mails in html that would tell everyone to log in to the Citibank site for some reason like new services or something. You mouse over the link and see it says http://www.citibank.com/special-offer.html in the browser at the bottom so you are confident it will take you directly to their site. You click the link and you are suddenly on a page that looks like citibank's and it asks you for your account number and pin which you enter and now you are victim of identity theft... Reproducible: Always Steps to Reproduce: 1. Go to example website 2. hover cursor over url provided 3. look at status bar 4. click the link and see that you do not go to the link displayed in the status bar. (checking the "prevent sites from changing status bar or window size/postion" does not function in these cases) Actual Results: The link takes you to a site other than that displayed in the status bar Expected Results: when you have the option in preferences "prevent sites from changing status bar or window size/postion" checked the browser should have displayed the correct url in the status bar rather than the fake url.
This bug is a duplicate of Bug 228176.
*** This bug has been marked as a duplicate of 228176 ***