Slashdot Mirror


New URL Spoofing Bug in Pre-SP2 IE

An anonymous reader writes "According to Netcraft a new security flaw has been found in Microsoft Internet Explorer which makes it possible to spoof a URL with just some simple HTML code, by enclosing two URLs and a table within a single href tag. The user will be sent to one site, but the status bar will show a fake URL. The bug apparently affects IE and Outlook Express up to but not including SP2. Firefox and Konqueror seem unaffected."

2 of 266 comments (clear)

  1. What's worse? by nile_list · · Score: 5, Interesting

    What's worse? IE being vulnerable to spoofed URLs because of malformed HTML, or Firefox crashing because of the same thing?

    --
    Gnash Gnash Gnash
  2. Re:Firefox 1.0RC1 **IS** affected by Deviate_X · · Score: 5, Interesting

    That didn't work in my 1.0PR (Win) but this did:

    <a href="http://www.microsoft.com/" onclick="location.href='http://www.google.com/';
    return false">
    http://www.microsoft.com
    </a> ...