User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.5) Gecko/20041109 Firefox/1.0 Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.5) Gecko/20041109 Firefox/1.0 I hope a few of the developers for Netscape, Mozilla, Firefox, and Thunderbird are reading this because I am a bit angry that I have to think of this for you. There is a simple security fix that OUGHT to be in every browser and email handler and it is this. IF A LINK URL IS GIVEN IN THE DOCUMENT THAT DESCRIBES ONE URL WHILE ACTUALLY POINTING TO A DIFFERENT URL, THE USER OUGHT TO SEE A BIG RED POPUP SAYING "DANGER DANGER WILL ROBINSON!" So for example if the html code is something like - <a href="www.somesleazebag.com">www.somerealplace.com</a> it should be very simple to catch this type of spoofing and give the poor user a heads up warning! AND this should be the default behaviour if you want to make it a user settable option. I am seeing a lot of email that trys to sucker the poor users into giving up vital information by pretending to be coming from a legitimate place, then actually redirecting them to a website that pretends to be that site and thus gain access to vital information. Sites like PayPals and EBay are prime examples. I get a lot of junk email trying to claim I must update my account information of some such at PayPals. I am an engineer so I know to check links before using them, BUT YOUR AVERAGE USER DOES NOT!!!!. Expecting the average user to be aware of such redirection attempts is WAY BEYOND their capabilities! MOST USERS DO NOT HAVE A CLUE HOW LINKING EVEN WORKS! PERIOD! This is a place where you developers need to design your software for users, NOT for other engineers and computer scientists! Reproducible: Always Expected Results: I expect a big loud warning to pop up saying the URL may be a spoof!
This is just a simple (non JS) variant of bug 257307, marking as DUP. *** This bug has been marked as a duplicate of 257307 ***
Status: UNCONFIRMED → RESOLVED
Last Resolved: 13 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.