Closed Bug 228521 Opened 21 years ago Closed 20 years ago

Security risk: forged HTML email containing bogus URLs - warning should be issued

Categories

(SeaMonkey :: MailNews: Message Display, enhancement)

Product:
SeaMonkey
Component:
MailNews: Message Display
Platform:
x86
Linux
Type:
enhancement
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED DUPLICATE of bug 122445

People

(Reporter: minfrin, Assigned: sspitzer)

Details

(Whiteboard: [sg:nse])

Attachments

(1 file)

Example of forged email message, containing bogus URLs
2.21 KB, text/plain
Details 
User-Agent:       Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.4) Gecko/20031119
Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.4) Gecko/20031119

In the attached email message received by Mozilla mail/news, an attempt is
made to convince the mail reader to click on the attached link which is printed
as https://www.e-gold.com/acct/login.html in an HTML email.

In reality, this link goes to
http://e-gold.com%69%6E%64%65%78%6C%6F%67%69%6E%68%74%6D%6C%61%64%73%66%61%73%64%68%6A%6B%71%77%65%6B%6A%68%61%73%64%61%6C%73%64%61%6A%6B%73%64%6B%6A%71%70%77%6F%64%61%73%6B%6A%73%64%68%61%73%64%6B%6A%61%73%64%61%6F%73%64@%32%30%30%2E%31%36%31%2E%31%35%31%2E%35%34:%38%30/%65%67%2E%68%74%6D%6C
which is a trojan website, hosted at 200.161.151.54 port 38.

Mozilla should (IMHO) take the following steps to warn the user of possible
security issues when rendering HTML mail:

- If an <A> link contains an url, and the url is not the same as the url in the
href, a security warning should pop up asking if the user is aware of where the
email sender is trying to direct them to. for example: <A
href="http://goodsite@evilsite">http://goodsite</A>

- If an <A> link contains something other than a URL, and the href has an
embedded username in it, a security warning should pop up, explaining that the
user is about to connect to site "evilsite" using username "goodsite", do they
want to do this. For example: <A href="goodsite@evilsite">Click here to go to
goodsite.</A>

These measures should help counter the security flaws in HTML email.


Reproducible: Always

Steps to Reproduce:
XXX
Removing confidential flag, this trick is already well known to the bad guys.
Duping against general phishing bug, if someone finds a more exact match feel
free to change it.

*** This bug has been marked as a duplicate of 122445 ***
Group: security
Status: UNCONFIRMED → RESOLVED
Closed: 20 years ago
Resolution: --- → DUPLICATE
Whiteboard: [sg:nse]
Product: Browser → Seamonkey
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: