Mozilla Status Bar Manipulation Weakness

Dec 11, 2003 11:50PM PST

Secunia Advisory: SA10419
Release Date: 2003-12-12

Critical: Not critical
Impact: Security Bypass, ID Spoofing
Where: From remote

Software: Mozilla 1.0, Mozilla 1.1, Mozilla 1.3, Mozilla 1.4, Mozilla 1.5

Description:
A weakness has been identified in Mozilla, which can be exploited by malicious people to manipulate information displayed in the status bar.

It is possible to manipulate information displayed in the status bar by including the URL encoded representation "%00" in a link. Since this can be done without using any script code, disabling the script setting "Change status bar text" will not prevent this.

http://www.secunia.com/advisories/10419/
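
An added example, not part of the original post or the Secunia advisory: a Python check that a mail or proxy filter could run over HTML to flag links whose href carries the URL-encoded "%00" described above, which needs no script to be present. The sample markup and all function names are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

ENCODED_NUL = "%00"  # the URL-encoded byte named in the advisory
# Constructed sample markup (not from the advisory).
SAMPLE_HTML = """
<a href="http://example.com/index.html">clean</a>
<a href="http://example.com/a%00b.html">encoded NUL in path</a>
<a href="http://example.org/?next=%00x">encoded NUL in query</a>
<a href="http://example.net/doc&#37;00.html">percent sign written as an entity</a>
<a href="http://example.org/?q=100%25">clean, %25 is a literal percent</a>
"""

class HrefCollector(HTMLParser):
    """Collect hrefs; HTMLParser decodes entities, so &#37; arrives as '%'."""
    def __init__(self):
        super().__init__()
        self.hrefs = []

    def handle_starttag(self, tag, attrs):
        if tag in ("a", "area"):
            self.hrefs.extend(v for k, v in attrs if k == "href" and v)

def nul_component(href):
    """Name the URL component that holds %00, or None if the link is clean."""
    if ENCODED_NUL not in href:
        return None
    parts = urlsplit(href)
    for name in ("netloc", "path", "query", "fragment"):
        if ENCODED_NUL in getattr(parts, name):
            return name
    return "other"

def find_nul_links(html):
    """Return (href, component) for every link that contains %00."""
    collector = HrefCollector()
    collector.feed(html)
    collector.close()
    hits = ((h, nul_component(h)) for h in collector.hrefs)
    return [(h, where) for h, where in hits if where]

if __name__ == "__main__":
    for href, where in find_nul_links(SAMPLE_HTML):
        print(f"flag: {href!r} (%00 in {where})")
```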