[bug-hacker] URL permits a "Phishing Scam" of password and personal data.

VERIFIED DUPLICATE of bug 228176

Status

--
critical
VERIFIED DUPLICATE of bug 228176
15 years ago
14 years ago

People

(Reporter: hamacker, Assigned: aaronlev)

Tracking

Trunk
x86
Windows XP

Firefox Tracking Flags

(Not tracked)

Details

(Reporter)

Description

15 years ago
User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.6b) Gecko/20031208
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.6b) Gecko/20031208

This is a not bug, but one fail of http url.
Here in brazil, some crackers has been used a url feature of browsers, to do this :
http://www.bradesco.com.br%01%00@200.0.0.1/

in link of variety of fake mails to people think that is a true mail of bank (or
other financial agency) to phishing passwords and other personal data.
I dont know if there are solution to this problem, but I believe that in  short
time, so much crackers will be use this form to create fake URL.

Thanks a lot,


Reproducible: Always

Steps to Reproduce:
1.open mozilla
2.type in URL : http://www.site.com%01%00@name-or-ip-addres-of-http-server/
3.Done. 

Actual Results:  
people can be deceived by a false URL.

Expected Results:  
deny access using this techinique.

Comment 1

15 years ago

*** This bug has been marked as a duplicate of 228176 ***
Status: UNCONFIRMED → RESOLVED
Last Resolved: 15 years ago
Resolution: --- → DUPLICATE

Comment 2

15 years ago
v
Status: RESOLVED → VERIFIED

Comment 3

15 years ago
-> XP aps
Component: Keyboard: Navigation → XP Apps
Product: Core → Mozilla Application Suite
You need to log in before you can comment on or make changes to this bug.