From: "Juan Carlos Garcia Cuartango" <email@example.com> Subject: Communicatot 4.5 Frame Spoofing vulnerability To: "Chis Saito" <firstname.lastname@example.org> Chris,There is a design flaw in the location bar of most of Internet browsers : If the URL does not fit into the location box the browser will display the right part of the URL, this behaviour produces a FRAME SPOOFING security hole. I have only tested it with Communicartor 4.5 but I suspect previous versions are also affected.There is a demo at http://pages.whowhere.lycos.com/computers/cuartangojc/fspoof1.htmlI have reported the issue using the official form. Russ Cooper (NTBugtraq) give me your name as a rigth person to address the security issues.Regards,Juan Carlos G. CuartangoPS,The same hole exists in Microsoft Explorer browser I have also reported to them the issue.
Assigned to radha for M9.
Updating QA Contact.
Move to M20 target milestone.
nav triage team: NS 6 RTM on Win2k doesn't exhibit the spoof. Marking W4M
mass-verifying WorksForMe bugs which haven't changed since 2001.12.31. set your search string in mail to "EmperorLondoMollari" to filter out these messages.