Closed Bug 390630 Opened 14 years ago Closed 14 years ago

CVE-2005-4809 Spoof URL in status bar

Categories

(Firefox :: Security, defect)

x86
Linux
defect
Not set
normal

Tracking

()

RESOLVED DUPLICATE of bug 266932

People

(Reporter: lkundrak, Unassigned)

References

()

Details

User-Agent:       Mozilla/5.0 (X11; U; Linux x86_64; cs-CZ; rv:1.8.1.2) Gecko/20070313 Firefox/2.0.0.2
Build Identifier: 

Mozilla Firefox 1.0.1 and possibly other versions, including Mozilla and Thunderbird, allows remote attackers to spoof the URL in the Status Bar via an A HREF tag that contains a TABLE tag that contains another A tag.

See relevant CVE-2005-4809 [1] and relevant [2] full-disclosure entry for details.

[1] http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4809
[2] http://marc.theaimsgroup.com/?l=full-disclosure&m=111073068631287&w=2

Reproducible: Always
This is fixed in the Firefox 2.0.0.2 version you appear to be using, did you try it? Firefox 1.0.1 is no longer supported and the fix will not be back-ported.
Status: UNCONFIRMED → RESOLVED
Closed: 14 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: CVE-2005-4809
Daniel: feel free to close it then. I was not reporting against the version I use.
You need to log in before you can comment on or make changes to this bug.