If URL doesn't fit into location bar, browser displays right part of the URL

VERIFIED WORKSFORME

Status

SeaMonkey
UI Design
P3
normal
VERIFIED WORKSFORME
19 years ago
13 years ago

People

(Reporter: Michael La Guardia, Assigned: Radha on family leave (not reading bugmail))

Tracking

Trunk
All
Windows 95

Firefox Tracking Flags

(Not tracked)

(Reporter)

Description

19 years ago
From: "Juan Carlos Garcia Cuartango" <cuartangojc@mx3.redestb.es>
Subject: Communicator 4.5 Frame Spoofing vulnerability
To: "Chris Saito" <chriss@netscape.com>

Chris,

There is a design flaw in the location bar of most Internet browsers: if the URL does not fit into the location box, the browser will display the right part of the URL. This behaviour produces a FRAME SPOOFING security hole.

I have only tested it with Communicator 4.5, but I suspect previous versions are also affected.

There is a demo at http://pages.whowhere.lycos.com/computers/cuartangojc/fspoof1.html

I have reported the issue using the official form. Russ Cooper (NTBugtraq) gave me your name as the right person to address the security issues.

Regards,
Juan Carlos G. Cuartango

PS: The same hole exists in the Microsoft Explorer browser; I have also reported the issue to them.
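
The display behaviour described in the report, modelled as an added example (not part of the original bug or of any browser's code). The location box is treated as a fixed number of visible characters; the function names, the sample URL and the host-first policy are assumptions made for illustration, and only http/https URLs are considered.

```javascript
// Constructed sample: a long URL on a reserved test domain (125 characters).
const SAMPLE = "http://pages.example.test/computers/demo/" +
  "section/".repeat(8) + "frame.html?view=full";

// Behaviour from the report: if the URL does not fit, only its
// right-hand end is visible, so scheme and host scroll out of view.
function tailView(url, width) {
  return url.length <= width ? url : url.slice(url.length - width);
}

// Alternative policy: scheme and host always stay visible and the
// remainder is cut with an ellipsis. Userinfo ("user@") is dropped
// because it is not part of the origin the user needs to judge.
function hostFirstView(url, width) {
  const u = new URL(url);
  const rest = u.pathname + u.search + u.hash;
  const full = u.origin + rest;
  if (full.length <= width) return full;
  const room = width - u.origin.length - 1;   // one character for the ellipsis
  // Box narrower than the origin: show the start of the origin, never the tail.
  if (room <= 0) return u.origin.slice(0, width);
  return u.origin + rest.slice(0, room) + "\u2026";
}

// Check usable in a UI test: does the visible text begin with the real origin?
function showsOrigin(view, url) {
  return view.startsWith(new URL(url).origin);
}

// Compare both policies for one URL and box width.
function compare(url, width) {
  const tail = tailView(url, width);
  const hostFirst = hostFirstView(url, width);
  return {
    tail, tailShowsOrigin: showsOrigin(tail, url),
    hostFirst, hostFirstShowsOrigin: showsOrigin(hostFirst, url),
  };
}

console.log(compare(SAMPLE, 40));
```

With a 40-character box the tail view shows only path and query text, while the host-first view keeps `http://pages.example.test` on screen.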

Updated

19 years ago
Assignee: don → radha
Component: Apprunner → XPApps
Target Milestone: M9

Comment 1

19 years ago
Assigned to radha for M9.

Comment 2

19 years ago
Updating QA Contact.
Status: NEW → ASSIGNED
Target Milestone: M9 → M13

Updated

18 years ago
QA Contact: beppe → don
Target Milestone: M13 → M15
Target Milestone: M15 → M17

Comment 3

18 years ago
Move to M20 target milestone.
Target Milestone: M17 → M21

Updated

17 years ago
Status: ASSIGNED → RESOLVED
Last Resolved: 17 years ago
Resolution: --- → WORKSFORME

Comment 4

17 years ago
nav triage team:

NS 6 RTM on Win2k doesn't exhibit the spoof. Marking W4M

Updated

17 years ago
QA Contact: don → sairuh
QA Contact: sairuh → claudius
mass-verifying WorksForMe bugs which haven't changed since 2001.12.31.

set your search string in mail to "EmperorLondoMollari" to filter out these
messages.
Status: RESOLVED → VERIFIED
Product: Core → Mozilla Application Suite