Closed
Bug 361742
Opened 18 years ago
Closed 18 years ago
Address bar & URL spoofing
Categories
(Firefox :: General, defect)
Tracking
()
RESOLVED
DUPLICATE
of bug 337344
People
(Reporter: bugzilla.mozilla, Unassigned)
References
()
Details
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-GB; rv:1.8.0.8) Gecko/20061025 Firefox/1.5.0.8 Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.0; en-GB; rv:1.8.0.8) Gecko/20061025 Firefox/1.5.0.8 PayPal phishing site which spoofs an address bar and the URL of the current page. I have also tested this on the Firefox 2.0 release with the same results. Reproducible: Always Steps to Reproduce: 1. Navigate to http://196.41.221.21:443/problem/ 2. Fake message stating the page is moved is displayed with a link to go to "Main page". 3. Click link marked "Click here to go to our main page" Actual Results: New window pops up with spoofed address bar and URL, showing the user is at a page on paypal.com. Expected Results: User can see that the page is not at the paypal.com site. It seems that if the page is minimized or the window order is changed, the spoofed address bar disappears.
Comment 1•18 years ago
|
||
We've known about this issue for a long time, but haven't forced the (real) address bar to always be visible out of fear of breaking web sites. *** This bug has been marked as a duplicate of 337344 ***
Group: security
Status: UNCONFIRMED → RESOLVED
Closed: 18 years ago
Resolution: --- → DUPLICATE
Comment 2•18 years ago
|
||
Firefox 2 (upgrade from 1.5.0.8) marks this site immediately as a suspected web forgery, and doesn't let it open with the location bar. In 1.5.0.8 the true host is shown in the title bar when the location bar is suppressed, but that is too subtle for most people.
You need to log in
before you can comment on or make changes to this bug.
Description
•