User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.6; en-US; rv:220.127.116.11) Gecko/20100401 Firefox/3.6.3 Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:18.104.22.168) Gecko/20100512 Thunderbird/3.0.5 Upon receiving a Phishing email attempting to gain details of an account I noticed that the URL displayed in the message window status bar was the same as the URL displayed in the email when viewed on windows 7. The same email in Thunderbird 3.0.5 on OSX 10.6.4 displayed the actual URL correctly. I have noticed other differences in the display of these emails between the OSX version and the Windows 7 Version. This to me is a very dangerous bug as it breaks the safest method of spotting a phishing attempt. Also - On OSX, Thunderbird correctly identifies the attempted Phish while on windows 7 - there is no indication that this is not a legitimate email beyond the traditionally horrific grammar. Reproducible: Always Steps to Reproduce: 1.Wait for Phishing email to land 2.Mouse of contained URL's and check what URL is seen in the status bar 3.Copare this between Windows 7 and OSX Actual Results: On windows 7 - the latest email I recieved contains the URL https://www.battle.net/account/support/login-support.xml The status bar shows the same URL when I mouse over the link On OSX using the same email, mousing over the same URL the status bar correctly shows the link http://www.account-info-status.net/account/support/login-support.htm Expected Results: I would expect that Thunderbird would be have consistently and show the actual URL in the status bar on both Operating systems and defiantly never be spoofed into showing the falsified URL I have run several scans on the Windows 7 system to attempt to confirm there is no other malicious software running on the system I am running the default theme on both systems I consider this a major issue as it effects the security of users running on windows 7 and their ability to steer clear of phishing and mal-ware sites
Created attachment 452505 [details] Screen shot of problem URL - Moused over and showing URL in status bar This screen shot shows the latest phishing email received The screen shot was taken while moused over the email displayed in a window on windows 7 - showing the URL displaying below. I have yet to figure out how to achieve a screen shot showing the mouseover on OSX ....
Can you save the message as a .eml file and attach it to this bug please?
Tim, do you see this if you use version 3.1 - recently released. testcase WFM on vista enterprise Mozilla/5.0 (Windows; U; Windows NT 6.0; en-US; rv:2.0b2pre) Gecko/20100701 Shredder/3.2a1pre
Version: unspecified → 3.0
Hi I just updated now thanks This does appear to have cleared the problems I saw - Mouse-over now shows the Actual URL in the email example I included for you. Thanks Tim
Thanks Tim. => WFM
Status: UNCONFIRMED → RESOLVED
Last Resolved: 7 years ago
Resolution: --- → WORKSFORME
You need to log in before you can comment on or make changes to this bug.