Closed Bug 265580 Opened 20 years ago Closed 20 years ago

A multi-line input to the url address line of the browser can fake a web address

Categories

(Core :: Security, defect)

x86
Linux
defect
Not set
normal

VERIFIED DUPLICATE of bug 249322

People

(Reporter: max, Unassigned)

Details

(Whiteboard: [sg:dupe 249322])

User-Agent:       Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.2) Gecko/20040804
Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.2) Gecko/20040804

This occurs when a link is copied and pasted into a Mozilla browser window:

If the link contains two or more lines, the line breaks are parsed away and the
link is handled like it was in one line, so like having received a link in an
email which was broken into 2 lines (thanks, MS Outlook).

But instead of showing the whole link taken without line breaks, just the first
line is shown in the URL address line in Mozilla.
E.g.:
Action: paste "http://www
.mozilla.org/" into a browsing window.
Effect: the mozilla.org site is shown, but in the address line just "http://www"
shows up.
If you do it in a tabbed window, and change from the paste-tab to another and
change back, the whole paste-string without line breaks is shown.

This could be used to get the user to copy links with line breaks into a browser
window, and get the user to surf a fake web-site which has the same sub-domain
as a known one. Then just the sub-domain is shown to the user.

Reproducible: Always
Steps to Reproduce:
1. copy link with line breaks e.g. "http://www
.mozilla.org/"
2. paste it into mozilla browser window


Actual Results:
An incomplete URL string is shown to the user.

Expected Results:
Show the complete URL which is used to retrieve the web site which is shown to
the user.
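
The mismatch described in this report, as an added example that is not part of the original report or of Mozilla's code: a small JavaScript model of "load the paste with line breaks stripped" versus "display only the first line", with a check that the displayed string equals the loaded one. All function names and the sample pastes are assumptions constructed for illustration.

```javascript
// Added example: models the behaviour described in the report.
// All function names are hypothetical; none of this is Mozilla code.

// Navigation side, per the report: line breaks are stripped and the
// remainder is loaded as one URL.
function navigationTarget(pasted) {
  return pasted.replace(/[\r\n]+/g, "");
}

// Display side in the affected builds, per the report: only the first
// line of the pasted text appears in the address line.
function firstLineDisplay(pasted) {
  return pasted.split(/\r\n|\r|\n/)[0];
}

// Display side as the report expects it: the same string that is loaded.
function fullDisplay(pasted) {
  return navigationTarget(pasted);
}

function hostOf(text) {
  try { return new URL(text).hostname; } catch (e) { return null; }
}

// Compare what a display function shows with what is actually loaded.
function auditPaste(pasted, displayFn) {
  const loaded = navigationTarget(pasted);
  const shown = displayFn(pasted);
  return {
    shown, loaded,
    shownHost: hostOf(shown), loadedHost: hostOf(loaded),
    consistent: shown === loaded,
  };
}

// Constructed sample pastes: the report's string, a CRLF variant,
// a trailing-newline paste, and an ordinary single-line URL.
const SAMPLES = [
  "http://www\n.mozilla.org/",
  "http://www\r\n.mozilla.org/",
  "http://www.mozilla.org/\n",
  "http://www.mozilla.org/",
];

function mismatches(displayFn) {
  return SAMPLES.filter((s) => !auditPaste(s, displayFn).consistent);
}
console.log(mismatches(firstLineDisplay).length, mismatches(fullDisplay).length);
```

A trailing newline alone does not trigger the mismatch, because the first line is already the complete URL; only a break inside the URL does.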
Component: Browser-General → Security: General
To my knowledge this behaviour applies to at least Mozilla 1.7.2 and 1.7.3/Linux,
not to Firefox 1.0. I couldn't see it under Windows at all.

*** This bug has been marked as a duplicate of 249322 ***
Status: UNCONFIRMED → RESOLVED
Closed: 20 years ago
Resolution: --- → DUPLICATE
Verified duplicate.
Status: RESOLVED → VERIFIED
Whiteboard: [sg:dupe 249322]
Group: security