Closed
Bug 285667
Opened 20 years ago
Closed 20 years ago
False links can spoof the user.
Categories
(Firefox :: General, defect)
Tracking
()
RESOLVED
DUPLICATE
of bug 257307
People
(Reporter: marc, Assigned: bugzilla)
Details
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.5) Gecko/20041109 Firefox/1.0
Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.5) Gecko/20041109 Firefox/1.0
I hope a few of the developers for Netscape, Mozilla, Firefox, and Thunderbird
are reading this because I am a bit angry that I have to think of this for you.
There is a simple security fix that OUGHT to be in every browser and email
handler and it is this. IF A LINK URL IS GIVEN IN THE DOCUMENT THAT DESCRIBES
ONE URL WHILE ACTUALLY POINTING TO A DIFFERENT URL, THE USER OUGHT TO SEE A BIG
RED POPUP SAYING "DANGER DANGER WILL ROBINSON!"
So for example if the html code is something like -
<a href="www.somesleazebag.com">www.somerealplace.com</a>
it should be very simple to catch this type of spoofing and give the poor user a
heads up warning! AND this should be the default behaviour if you want to make
it a user settable option.
I am seeing a lot of email that trys to sucker the poor users into giving up
vital information by pretending to be coming from a legitimate place, then
actually redirecting them to a website that pretends to be that site and thus
gain access to vital information. Sites like PayPals and EBay are prime
examples. I get a lot of junk email trying to claim I must update my account
information of some such at PayPals. I am an engineer so I know to check links
before using them, BUT YOUR AVERAGE USER DOES NOT!!!!.
Expecting the average user to be aware of such redirection attempts is WAY
BEYOND their capabilities! MOST USERS DO NOT HAVE A CLUE HOW LINKING EVEN WORKS!
PERIOD! This is a place where you developers need to design your software for
users, NOT for other engineers and computer scientists!
Reproducible: Always
Expected Results:
I expect a big loud warning to pop up saying the URL may be a spoof!
Comment 1•20 years ago
|
||
This is just a simple (non JS) variant of bug 257307, marking as DUP.
*** This bug has been marked as a duplicate of 257307 ***
Status: UNCONFIRMED → RESOLVED
Closed: 20 years ago
Resolution: --- → DUPLICATE
You need to log in
before you can comment on or make changes to this bug.
Description
•