Closed Bug 298920 Opened 20 years ago Closed 20 years ago

URL spoofing

Categories

(Firefox :: Security, defect)

Product:
Firefox
Component:
Security
Platform:
x86
Windows XP
Type:
defect
Priority:
Not set
Severity:
major

Tracking

()

Status:
RESOLVED DUPLICATE of bug 298903

People

(Reporter: tecnica, Unassigned)

References

(
URL
)

Details

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; it-IT; rv:1.7.8) Gecko/20050511 Firefox/1.0.4
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; it-IT; rv:1.7.8) Gecko/20050511 Firefox/1.0.4

Moving the mouse cursor on links does not display the url (as it should be).
The address bar display the correct url: http://compsci.buu.ac.th/.ssl/.../

I've recived this url with thi email:

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<html>
<p><strong>Dear valued PayPal member, </strong></p>
            <p>Due to recent activity, including possible unauthorised
transactions placed on your <br>
  account, we have temporarily suspended activity on your account in order to <br>
  allow us to investigate this matter further. If you believe that this action
may <br>
  have been taken in error, or, if you feel that your account may have been <br>
  tampered with, please visit the <a
href="http://compsci.buu.ac.th/.ssl/...">Resolution Center<a> so that we can
provide additional <br>
  information and work with you to resolve this issue. </p>
            <p>We ask that you allow at least 72 hours for the <br>
  case to be investigated. Emailing us before that time will result in delays.
We <br>
  apologize in advance for any inconvenience this may cause you and we would
like <br>
  to thank you for your cooperation as we review this matter. <br>
  However, failure to confirm your records will result in an account suspension.
<br>
  <br>
  Once you have verified/updated your account records your PayPal service will
not be <br>
  interrupted and will continue as normal. <br>
  <br>
  Please follow the link below and confirm and/or update your account
information. <br>
  <a
href="http://compsci.buu.ac.th/.ssl/...">https://www.paypal.com/cgi-bin/webscr?cmd=login-run&action=update</a>
<br>
  <br>
  If you have received this notice and you are not the authorised account
holder, <br>
  please be aware that it is a violation of PayPal policy to represent oneself
as <br>
  another PayPal user. Such action may also be in violation of local, national, <br>
  and/or international law. PayPal is committed to assist law enforcement with
any <br>
  inquires related to attempts to misappropriate personal information with the <br>
  intent to commit fraud or theft. Information will be provided at the request
of <br>
  law enforcement agencies to ensure that perpetrators are prosecuted to the <br>
  fullest extent of the law. <br>
  <br>
  Best Wishes, </p>
            <br>
PayPal Service Department <br>
PayPal Trust and Safety 

</html>

Reproducible: Always

*** This bug has been marked as a duplicate of 298903 ***
Status: UNCONFIRMED → RESOLVED
Closed: 20 years ago
Resolution: --- → DUPLICATE
Group: security
You need to log in before you can comment on or make changes to this bug.