Closed Bug 285667 Opened 19 years ago Closed 19 years ago

False links can spoof the user.

Categories

(Firefox :: General, defect)

x86
Linux
defect
Not set
major

RESOLVED DUPLICATE of bug 257307

People

(Reporter: marc, Assigned: bugzilla)

Details

User-Agent:       Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.5) Gecko/20041109 Firefox/1.0
Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.5) Gecko/20041109 Firefox/1.0

I hope a few of the developers for Netscape, Mozilla, Firefox, and Thunderbird
are reading this because I am a bit angry that I have to think of this for you.

There is a simple security fix that OUGHT to be in every browser and email
handler and it is this. IF A LINK URL IS GIVEN IN THE DOCUMENT THAT DESCRIBES
ONE URL WHILE ACTUALLY POINTING TO A DIFFERENT URL, THE USER OUGHT TO SEE A BIG
RED POPUP SAYING "DANGER DANGER WILL ROBINSON!"

So for example if the html code is something like -

<a href="www.somesleazebag.com">www.somerealplace.com</a>

it should be very simple to catch this type of spoofing and give the poor user a
heads up warning! AND this should be the default behaviour if you want to make
it a user settable option.

I am seeing a lot of email that tries to sucker the poor users into giving up
vital information by pretending to be coming from a legitimate place, then
actually redirecting them to a website that pretends to be that site and thus
gain access to vital information. Sites like PayPal and eBay are prime
examples. I get a lot of junk email trying to claim I must update my account
information or some such at PayPal. I am an engineer so I know to check links
before using them, BUT YOUR AVERAGE USER DOES NOT!!!!

Expecting the average user to be aware of such redirection attempts is WAY
BEYOND their capabilities! MOST USERS DO NOT HAVE A CLUE HOW LINKING EVEN WORKS!
PERIOD! This is a place where you developers need to design your software for
users, NOT for other engineers and computer scientists!


Reproducible: Always



Expected Results:
I expect a big loud warning to pop up saying the URL may be a spoof!

This is just a simple (non JS) variant of bug 257307, marking as DUP.

*** This bug has been marked as a duplicate of 257307 ***
Status: UNCONFIRMED → RESOLVED
Closed: 19 years ago
Resolution: --- → DUPLICATE
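
The check the reporter asks for, comparing the host a link displays with the host its href targets, as an added example (not code from the bug report or from Firefox). The names `host_of`, `LinkAuditor`, `mismatched_links` and the second sample link are assumptions, and a schemeless href is treated as a host name, as in the report's sample.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Link text that itself looks like a host name or URL, e.g. "www.example.com/login".
HOSTLIKE = re.compile(
    r"^(?:[a-z][a-z0-9+.-]*://)?(?:[a-z0-9-]+\.)+[a-z]{2,}(?:[:/?#]\S*)?$", re.I)

def host_of(value):
    """Lower-cased host of a URL or bare host string, or None if there is none."""
    value = value.strip()
    if "://" not in value:
        value = "http://" + value  # assumption: schemeless value names a host
    try:
        host = urlsplit(value).hostname
    except ValueError:             # malformed netloc, e.g. bad IPv6 brackets
        return None
    return host.lower().rstrip(".") if host else None

class LinkAuditor(HTMLParser):
    """Collects (shown_host, target_host) for anchors whose text names another host."""
    def __init__(self):
        super().__init__()
        self.href, self.text, self.findings = None, [], []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self.href, self.text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self.href is not None:
            self.text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self.href is not None:
            shown = "".join(self.text).strip()
            if HOSTLIKE.match(shown):  # only judge links whose text claims a host
                pair = (host_of(shown), host_of(self.href))
                if None not in pair and pair[0] != pair[1]:
                    self.findings.append(pair)
            self.href = None

def mismatched_links(html):
    auditor = LinkAuditor()
    auditor.feed(html)
    auditor.close()
    return auditor.findings

# Constructed sample: the report's spoofed link plus an honest one.
SAMPLE = ('<a href="www.somesleazebag.com">www.somerealplace.com</a> '
          '<a href="http://www.somerealplace.com/help">www.somerealplace.com</a>')
```

The comparison is on exact host names, so `example.com` shown over a link to `www.example.com` is also reported; a mail filter would normally compare registrable domains instead.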