New URL Spoofing Bug in Pre-SP2 IE
An anonymous reader writes "According to Netcraft a new security flaw has been found in Microsoft Internet Explorer which makes it possible to spoof a URL with just some simple HTML code, by enclosing two URLs and a table within a single href tag. The user will be sent to one site, but the status bar will show a fake URL. The bug apparently affects IE and Outlook Express up to but not including SP2. Firefox and Konqueror seem unaffected."
What's worse? IE being vulnerable to spoofed URLs because of malformed HTML, or Firefox crashing because of the same thing?
Gnash Gnash Gnash
That didn't work in my 1.0PR (Win) but this did:
<a href="http://www.microsoft.com/" onclick="location.href='http://www.google.com/';
return false"> ...
http://www.microsoft.com
</a>