Closed Bug 295709 Opened 16 years ago Closed 1 year ago
with popups enabled, the opened popup may appear to belong to the page behind it (security issue)
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8b2) Gecko/20050513 Firefox/1.0+ Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8b2) Gecko/20050513 Firefox/1.0+ If you enable popups and go to http://aqppevof.mail333.com (this site attempts to trick people into giving out their credit card details), a popup is opened with an illegitimate page contained within, and behind it, a legitimate web page is opened. The user could be tricked into thinking that this popup is part of the legitimate page behind. Even Internet Explorer has got round this problem, because in the title bar of the popup, it displays the real address (http://aqppevof.mail333.com). FireFox does not. Reproducible: Always Steps to Reproduce: 1. Enable popups. 2. Go to http://aqppevof.mail333.com Actual Results: A popup that appears to belong to the legitimate page behind it is opened. Expected Results: There should be some kind of indication that this popup is from a different website. Note that http://aqppevof.mail333.com is a website attempting to defraud people, which is sent out in spam messages.
In 1.0.x builds the popup titlebar also contains the site in Firefox. In 1.1 we will either do that or put the sitename in the statusbar as we do for secure pages.
Depends on: 22183
Status: NEW → RESOLVED
Closed: 1 year ago
Resolution: --- → WORKSFORME
You need to log in before you can comment on or make changes to this bug.