Closed Bug 554176 Opened 15 years ago Closed 14 years ago

window.status don't change in time when mouse over href, posible fake link

Product: Firefox :: General
Type: defect
Version: 3.6 Branch
Platform: x86, All
Priority: Not set
Severity: normal
Status: RESOLVED INCOMPLETE
Reporter: pvtolkien
Assignee: Unassigned
Whiteboard: [CLOSEME 2011-2-25]

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; es-ES; rv:1.9.2) Gecko/20100115 Firefox/3.6
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 6.1; es-ES; rv:1.9.2) Gecko/20100115 Firefox/3.6

If we use the onmouseover event with an 'a' tag and 'href' attribute to change the location, it won't change (from the window status perspective) until you click. So we can deceive the user into visiting some other page. IE8 and Chrome really change the "window status future location" on the event.

Reproducible: Always

Steps to Reproduce:
PoC:
<a href="http://good.com" onmouseover="this.href='http://evil.com'" onmouseout="this.href='http://good.com'">http://good.com</a>

Actual Results:
When I put the mouse over the link, I see http://good.com on window.status, but when I click I visit http://evil.com

Expected Results:
I should see http://evil.com when I put the mouse over the link, like IE8 and Chrome do.
OS: Windows 7 → All
Summary: window.status don't change in time when mouseover event with href → window.status don't change in time when mouse over href, posible fake link
Version: unspecified → 3.6 Branch
Related to/duplicate of Core bug 229050?
@zug_treno No way. Now FF ignores the onclick event and executes the href, so it's correct. (IE8 fails in that way). In my scenario, I change the href onmouseover, and it isn't reflected on window status.
Sorry, FF ignores onclick over href, just if we try to change location. Any other script will be executed. But I've seen that it could be bypassed...
<a href="http://good.es" onclick="location='http://evil';alert(1);">Click</a>
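A defender-side check for the two patterns in the comments above, as an added example that is not part of the bug report or of Firefox: a Node.js scan of HTML source that flags anchors whose inline handlers rewrite href or assign location, so the target shown on hover can differ from the one followed on click. The function name, the checks and the third sample link are assumptions made for illustration.

```javascript
// Added example (not from the bug report): flag <a> tags whose inline event
// handlers change where the link goes after the status bar has shown its href.
// Limitation: handlers are matched as plain text; HTML entities are not decoded
// and listeners attached from script are not seen.
const ANCHOR_RE = /<a\b((?:"[^"]*"|'[^']*'|[^'">])*)>/gi;
const ATTR_RE = /([^\s"'=<>\/]+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'>]+))/g;

// Checks are ordered: the first pattern that matches names the finding.
const CHECKS = [
  { reason: 'assigns location',
    re: /\blocation(?:\.href)?\s*=(?!=)|\blocation\.(?:assign|replace)\s*\(/ },
  { reason: 'rewrites href',
    re: /\.href\s*=(?!=)|setAttribute\s*\(\s*['"]href['"]/ },
];

function findSuspiciousAnchors(html) {
  const findings = [];
  for (const tag of html.matchAll(ANCHOR_RE)) {
    // Collect every attribute of the opening tag, quoted or unquoted.
    const attrs = [...tag[1].matchAll(ATTR_RE)].map((m) => ({
      name: m[1].toLowerCase(),
      value: m[2] ?? m[3] ?? m[4] ?? '',
    }));
    const href = attrs.find((a) => a.name === 'href')?.value ?? null;
    for (const attr of attrs) {
      if (!attr.name.startsWith('on')) continue; // only inline event handlers
      const hit = CHECKS.find((c) => c.re.test(attr.value));
      if (hit) findings.push({ href, event: attr.name, reason: hit.reason, code: attr.value });
    }
  }
  return findings;
}

// Sample input: the first two links follow the PoCs in the report;
// the third is a constructed benign link that only reads this.href.
const SAMPLE = `
<a href="http://good.com" onmouseover="this.href='http://evil.com'" onmouseout="this.href='http://good.com'">http://good.com</a>
<a href="http://good.es" onclick="location='http://evil';alert(1);">Click</a>
<a href="http://example.org/" onclick="track(this.href)">plain link</a>
`;

for (const f of findSuspiciousAnchors(SAMPLE)) {
  console.log(`${f.href}: ${f.event} ${f.reason}: ${f.code}`);
}
```
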
Reporter, are you still seeing this issue with Firefox 3.6.13 or later in safe mode or a fresh profile? If not, please close. These links can help you in your testing. http://support.mozilla.com/kb/Safe+Mode http://support.mozilla.com/kb/Managing+profiles
Whiteboard: [CLOSEME 2011-2-25]
This bug has had the CLOSEME tag for several weeks and the date in the tag is far gone. If the reporter can still see this issue, please retest with Firefox 3.6.x or later and a new profile (http://support.mozilla.com/kb/Managing+profiles). Then please remove the closeme tag in the whiteboard, mark the bug against the proper version and comment on the bug.
Status: UNCONFIRMED → RESOLVED
Closed: 14 years ago
Resolution: --- → INCOMPLETE