Closed Bug 266943 Opened 20 years ago Closed 20 years ago

Status bar link spoof vulnerability

Categories

(Firefox :: General, defect)

defect
Not set
normal

RESOLVED DUPLICATE of bug 266932

People

(Reporter: nelson_menezes, Assigned: bugzilla)

Details

User-Agent:       Mozilla/5.0 (X11; U; Linux i586; en-US; rv:1.7) Gecko/20040803 Firefox/0.9.3
Build Identifier: Mozilla/5.0 (X11; U; Linux i586; en-US; rv:1.7) Gecko/20040803 Firefox/0.9.3

As reported on Slashdot
(http://it.slashdot.org/article.pl?sid=04/10/30/1555251&tid=113) by several
contributors, FF is also vulnerable (to a smaller extent) to a spoofing of a
link's address that affects pre-SP2 IE and Opera.

On the status bar, a link's address given by malformed HTML of this kind...

<a href="http://www.microsoft.com/"><table><tbody><tr><td><a
href="http://www.google.com/">http://www.microsoft.com</a></td></tr></tbody></table></a>

...will not match the actual destination address upon "opening in a new tab"
(left-clicking or opening in new window works as expected though). Although the
status bar reports the "correct" address, the new tab will open the spoof address.

A /. contributor has put an example page up that exemplifies the problem; there
were several reports of it affecting the PR:
http://home.cfl.rr.com/jdrabb/testspoof.html

Of course, the problem is with the malformed HTML but this could be part of a
spoofing attempt, so FF should be able to handle this...

Reproducible: Always
Steps to Reproduce:
1. Open http://home.cfl.rr.com/jdrabb/testspoof.html
2. Hover cursor on 1st link, note status bar address
3. Middle-click on link - taken to spoof address

Actual Results:  
As above

Expected Results:  
It should have opened the same URL as when left-clicking or opening in a new window

*** This bug has been marked as a duplicate of 266932 ***
Status: UNCONFIRMED → RESOLVED
Closed: 20 years ago
Resolution: --- → DUPLICATE
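
A content-filter check for the markup pattern quoted in the report, as an added example (not code from the bug report or from Mozilla): it scans raw HTML tokens and flags an `<a href>` opened inside another anchor with a different host, and link text that names a host other than the link's own href. The names `NestedAnchorScanner`, `host`, `scan` and `SAMPLE` are hypothetical.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Added example. SAMPLE is constructed from the markup quoted in the report.
SAMPLE = ('<a href="http://www.microsoft.com/"><table><tbody><tr><td>'
          '<a href="http://www.google.com/">http://www.microsoft.com</a>'
          '</td></tr></tbody></table></a>')

def host(url):
    """Lower-cased hostname of url, or '' when it has none or is malformed."""
    try:
        return (urlsplit(url.strip()).hostname or "").lower()
    except ValueError:
        return ""

class NestedAnchorScanner(HTMLParser):
    """Token-level scan (no tree repair, so nesting is seen as written):
    flags nested anchors and link text that disagrees with the href."""

    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.stack = []       # [href, text] for each anchor still open
        self.findings = []    # (kind, outer-or-claimed, inner-or-actual)

    def handle_starttag(self, tag, attrs):
        if tag != "a":
            return
        href = dict(attrs).get("href") or ""
        if href and self.stack and host(href) != host(self.stack[-1][0]):
            self.findings.append(("nested-anchor", self.stack[-1][0], href))
        self.stack.append([href, ""])

    def handle_data(self, data):
        if self.stack:
            self.stack[-1][1] += data   # text belongs to the innermost anchor

    def handle_endtag(self, tag):
        if tag != "a" or not self.stack:
            return
        href, text = self.stack.pop()
        text = text.strip()
        if "://" in text and host(text) and host(text) != host(href):
            self.findings.append(("text-href-mismatch", text, href))

def scan(markup):
    scanner = NestedAnchorScanner()
    scanner.feed(markup)
    scanner.close()
    return scanner.findings
```

Running `scan(SAMPLE)` returns both findings for the reported markup, while ordinary sibling links and links whose text matches their href return an empty list.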