Closed Bug 301989 Opened 19 years ago Closed 19 years ago

Firefox doesn't display warning while opening malicious page in a new tab.

Categories

(Firefox :: General, defect)

Product:
Firefox
Component:
General
Platform:
All
Windows 2000
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
VERIFIED INVALID

People

(Reporter: ramandeeps, Unassigned)

Details

User-Agent:       Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0)
Build Identifier: 

I recently received an email from ebay asking me to update my contact details. 
I think the mail was sent from a malious location. So, when i clicked on the 
link, firefox warned me that i was trying to open a website which can be
malicious and when i clicked OK, it opened the website in a new window.
But, when i right-clicked on the same link and opened the page in a new
tab it gave no warning. I think, it should have displayed the warning
while opening the link in a new tab.

Browser Details: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.7.8) 
Gecko/20050511 Firefox/1.0.4

Reproducible: Always

Steps to Reproduce:
1. Just design a malicious web page and sent it as an email.
2. Open the link in a new window, firefox dispalys a warning.
3. Open the link in a new tab, firefox doesn't display the warning.

Actual Results:  
Firefox doesn't display the warning while opening a malicous URL in a new tab.

Expected Results:  
Firefox should have displayed a warning while opening a malicous URL in a new 
tab as it did when opening the same URL in a new window.

Browser Details: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-US; rv:1.7.8) 
Gecko/20050511 Firefox/1.0.4
Not an exploit, clearing confidential flag.
Group: security
Is this a firefox feature? If so, it's not one I'm aware of.
Sure it's not an option of your email client, or an extension?
I haven't installed any email clients or firefox extensions. I just opened my 
yahoo account in firefox and got that mail from ebay and when i clicked on it, 
instead of the URL, it displayed an IP address, which made me believe that the 
URL was a malicious one. 
That's not Firefox warning you about the link, it's Yahoo Mail - they just have
some JavaScript that traps clicks, but not right-clicks. Nothing we can do about
that.
Status: UNCONFIRMED → RESOLVED
Closed: 19 years ago
Resolution: --- → INVALID
Status: RESOLVED → VERIFIED
You need to log in before you can comment on or make changes to this bug.