Closed Bug 266943 Opened 17 years ago Closed 17 years ago
Status bar link spoof vulnerability
User-Agent: Mozilla/5.0 (X11; U; Linux i586; en-US; rv:1.7) Gecko/20040803 Firefox/0.9.3
Build Identifier: Mozilla/5.0 (X11; U; Linux i586; en-US; rv:1.7) Gecko/20040803 Firefox/0.9.3

As reported on Slashdot (http://it.slashdot.org/article.pl?sid=04/10/30/1555251&tid=113) by several contributors, FF is also vulnerable (to a smaller extent) to a spoofing of a link's address that affects pre-SP2 IE and Opera. On the status bar, a link's address given by malformed HTML of this kind...

<a href="http://www.microsoft.com/"><table><tbody><tr><td><a href="http://www.google.com/">http://www.microsoft.com</a></td></tr></tbody></table></a>

...will not match the actual destination address upon "opening in a new tab" (left-clicking or opening in new window works as expected though). Although the status bar reports the "correct" address, the new tab will open the spoof address.

A ./ contributor has put an example page up that exemplifies the problem; there were several reports of it affecting the PR: http://home.cfl.rr.com/jdrabb/testspoof.html

Of course, the problem is with the malformed HTML but this could be part of a spoofing attempt, so FF should be able to handle this...

Reproducible: Always

Steps to Reproduce:
1. Open http://home.cfl.rr.com/jdrabb/testspoof.html
2. Hover cursor on 1st link, note status bar address
3. Middle-click on link - taken to spoof address

Actual Results: As above

Expected Results: It should have opened the same url as when left-clicking or opening on a new window
*** This bug has been marked as a duplicate of 266932 ***
Status: UNCONFIRMED → RESOLVED
Closed: 17 years ago
Resolution: --- → DUPLICATE
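
The markup pattern in the report (an `<a>` opened while another `<a>` is still open, with the two `href` values pointing at different hosts) can be flagged in raw HTML before a browser's tree builder rearranges it. The following is an added example, not part of the original bug report or of Mozilla's code; the names `NestedAnchorFinder` and `find_conflicting_links` and the `example.org` link are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit


class NestedAnchorFinder(HTMLParser):
    """Report <a> elements opened while another <a> is still open."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.open_hrefs = []   # href of every <a> not yet closed
        self.findings = []     # (outer_href, inner_href, line_number)

    def handle_starttag(self, tag, attrs):
        if tag != "a":
            return
        href = dict(attrs).get("href") or ""
        if self.open_hrefs:
            # Raw tag stream: no browser-style fix-up has been applied yet.
            self.findings.append((self.open_hrefs[-1], href, self.getpos()[0]))
        self.open_hrefs.append(href)

    def handle_endtag(self, tag):
        if tag == "a" and self.open_hrefs:
            self.open_hrefs.pop()


def host(url):
    return (urlsplit(url).hostname or "").lower()


def find_conflicting_links(markup):
    """Return nested-anchor pairs whose hrefs point at different hosts."""
    finder = NestedAnchorFinder()
    finder.feed(markup)
    finder.close()
    return [f for f in finder.findings if host(f[0]) != host(f[1])]


# Markup quoted in the report above, preceded by a constructed benign link.
SAMPLE = (
    '<p><a href="http://www.example.org/">plain link</a></p>\n'
    '<a href="http://www.microsoft.com/"><table><tbody><tr><td>'
    '<a href="http://www.google.com/">http://www.microsoft.com</a>'
    '</td></tr></tbody></table></a>\n'
)

if __name__ == "__main__":
    for outer, inner, line in find_conflicting_links(SAMPLE):
        print(f"line {line}: <a href={inner!r}> nested inside <a href={outer!r}>")
```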