Mouse over URL reports the displayed URL not the Actual URL

RESOLVED WORKSFORME

Status

Thunderbird
Message Reader UI
--
major
RESOLVED WORKSFORME
8 years ago
7 years ago

People

(Reporter: Tim Hill, Unassigned)

Tracking

({testcase})

x86_64
Windows 7
testcase

Firefox Tracking Flags

(Not tracked)

Details

Attachments

(2 attachments)

(Reporter)

Description

8 years ago
User-Agent:       Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.10) Gecko/20100512 Thunderbird/3.0.5

Upon receiving a Phishing email attempting to gain details of an account I noticed that the URL displayed in the message window status bar was the same as the URL displayed in the email when viewed on windows 7. The same email in Thunderbird 3.0.5 on OSX 10.6.4 displayed the actual URL correctly.
  I have noticed other differences in the display of these emails between the OSX version and the Windows 7 Version.
   This to me is a very dangerous bug as it breaks the safest method of spotting a phishing attempt.

    Also - On OSX, Thunderbird correctly identifies the attempted Phish while on windows 7 - there is no indication that this is not a legitimate email beyond the traditionally horrific grammar.


Reproducible: Always

Steps to Reproduce:
1.Wait for Phishing email to land
2.Mouse of contained URL's and check what URL is seen in the status bar
3.Copare this between Windows 7 and OSX
Actual Results:  
On windows 7 - the latest email I recieved contains the URL https://www.battle.net/account/support/login-support.xml
   The status bar shows the same URL when I mouse over the link

On OSX using the same email, mousing over the same URL the status bar correctly shows the link http://www.account-info-status.net/account/support/login-support.htm

Expected Results:  
I would expect that Thunderbird would be have consistently and show the actual URL in the status bar on both Operating systems and defiantly never be spoofed into showing the falsified URL


I have run several scans on the Windows 7 system to attempt to confirm there is no other malicious software running on the system

    I am running the default theme on both systems

   I consider this a major issue as it effects the security of users running on windows 7 and their ability to steer clear of phishing and mal-ware sites
(Reporter)

Comment 1

8 years ago
Created attachment 452505 [details]
Screen shot of problem URL - Moused over and showing URL in status bar

This screen shot shows the latest phishing email received The screen shot was taken while moused over the email displayed in a window on windows 7 - showing the URL displaying below. I have yet to figure out how to achieve a screen shot showing the mouseover on OSX ....
Can you save the message as a .eml file and attach it to this bug please?
(Reporter)

Comment 3

8 years ago
Created attachment 452596 [details]
Example Email - .eml

Email saved and attached as requested
Keywords: testcase

Comment 4

8 years ago
Tim, do you see this if you use version 3.1 - recently released.

testcase WFM on vista enterprise  Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:2.0b2pre) Gecko/20100701 Shredder/3.2a1pre
Version: unspecified → 3.0
(Reporter)

Comment 5

8 years ago
Hi
   I just updated now thanks
     This does appear to have cleared the problems I saw - Mouse-over now shows the Actual URL in the email example I included for you.

  Thanks
        Tim

Comment 6

7 years ago
Thanks Tim.
=> WFM
Status: UNCONFIRMED → RESOLVED
Last Resolved: 7 years ago
Resolution: --- → WORKSFORME
You need to log in before you can comment on or make changes to this bug.