Closed
Bug 288817
Opened 19 years ago
Closed 19 years ago
password fishing by <a href="linka">linkb</a>
Categories
(Thunderbird :: Mail Window Front End, defect)
Tracking
(Not tracked)
RESOLVED
DUPLICATE
of bug 279191
People
(Reporter: bugzillaspambox, Assigned: mscott)
Details
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.7.6) Gecko/20050317 Firefox/1.0.2 Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.7.6) Gecko/20050317 Firefox/1.0.2 I just recieved a mail from "ebay". They told me that my account data needs to be updated. Well actually I am no ebay member (at least not anymore) and also the mail has been handled as junk so I thought that there was something wrong. At the end of the mail there was a link: https://signin.ebay.com/ws/eBayISAPI.dll?SignIn but it refered me to http://84.247.60.1/ebay It simulates to be the login page of ebay, but i guess it's not. In my case this wasn't a big deal, but i guess no everybody checks the details of the page if he gets a message like this. so thunderbird should check if the link is refered to an other host than it shows (<a href="linka">linkb</a> host of linka is not host of linkb) then a message with a little warning should appear. it's not a absolut necessary function of thunderbird, but try to image what happens if this happens to you with your bank data or something worse. I still marked it as a major problem because this is the easiest way of password fishing and could be reproduced by nearly everyone. So i guess it's not wrong to say that it should be fixed as soon as possible... Reproducible: Always
Comment 1•19 years ago
|
||
*** This bug has been marked as a duplicate of 279191 ***
Group: security
Status: UNCONFIRMED → RESOLVED
Closed: 19 years ago
Resolution: --- → DUPLICATE
You need to log in
before you can comment on or make changes to this bug.
Description
•