Closed
Bug 228936
Opened 21 years ago
Closed 21 years ago
URL spoofing vulnerability in Mozilla 1.0
Categories
(Core :: Security, defect)
Tracking
()
VERIFIED
DUPLICATE
of bug 228176
People
(Reporter: phani, Assigned: security-bugs)
Details
Attachments
(1 file)
409 bytes,
text/html
|
Details |
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.0.0) Gecko/20020530 Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.0.0) Gecko/20020530 The cross-site vulnerability that exists in IE (http://support.microsoft.com/?id=833786) and reported by openwares(http://security.openwares.org/) also exists in Mozilla 1.0. I have tested with Mozilla 1.0 and Firebird 0.7 and the problem exists. Reproducible: Always Steps to Reproduce: 1.Open the html file attached in the test case. 2.Look at the status bar over the 'Link'. It shows Mozilla.org 3.Click on the link Actual Results: Goes to google.com Expected Results: It should either have displayed that the link is invalid (or) ignore the characters after the %00, and display mozilla.org
Reporter | ||
Comment 1•21 years ago
|
||
Comment 2•21 years ago
|
||
Please don't use Mozilla 1.0 to report bugs. It is horribly old. Always use the latest version to test bugs, especially security bugs. *** This bug has been marked as a duplicate of 228176 ***
Group: security
Status: UNCONFIRMED → RESOLVED
Closed: 21 years ago
Resolution: --- → DUPLICATE
You need to log in
before you can comment on or make changes to this bug.
Description
•