Closed Bug 390630 Opened 17 years ago Closed 17 years ago

CVE-2005-4809 Spoof URL in status bar

Categories

(Firefox :: Security, defect)

Product:
Firefox
Component:
Security
Platform:
x86
Linux
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED DUPLICATE of bug 266932

People

(Reporter: lkundrak, Unassigned)

References

(
URL
)

Details

User-Agent:       Mozilla/5.0 (X11; U; Linux x86_64; cs-CZ; rv:1.8.1.2) Gecko/20070313 Firefox/2.0.0.2
Build Identifier: 

Mozilla Firefox 1.0.1 and possibly other versions, including Mozilla and Thunderbird, allows remote attackers to spoof the URL in the Status Bar via an A HREF tag that contains a TABLE tag that contains another A tag.

See relevant CVE-2005-4809 [1] and relevant [2] full-disclosure entry for details.

[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4809
[2] http://marc.theaimsgroup.com/?l=full-disclosure&m=111073068631287&w=2

Reproducible: Always
This is fixed in the Firefox 2.0.0.2 version you appear to be using, did you try it? Firefox 1.0.1 is no longer supported and the fix will not be back-ported.
Status: UNCONFIRMED → RESOLVED
Closed: 17 years ago
Resolution: --- → DUPLICATE
Daniel: feel free to close it then. I was not reporting against the version I use.
You need to log in before you can comment on or make changes to this bug.