7 lines
No EOL
636 B
Text
7 lines
No EOL
636 B
Text
source: https://www.securityfocus.com/bid/9203/info
|
|
|
|
It has been discovered that the Mozilla browser is prone to a URI obfuscation weakness that may hide the true contents of a link. The problem occurs when a user@location URI is formatted in such a way that a NULL byte is located after the user value. It is said that, when doing a mouseover of such a URI, it will cause it to only display the contents of the user value, not the entire link.
|
|
|
|
This could be used in conjunction with other URI obfuscation attacks and browser vulnerabilities to trick a user into following a malicious link.
|
|
|
|
http://www.trusted.com%00@www.malicious.com |