9 lines
No EOL
629 B
Text
9 lines
No EOL
629 B
Text
source: https://www.securityfocus.com/bid/10532/info
|
|
|
|
A weakness is reported in Mozilla that may allow an attacker to obfuscate the URI of a link. This could facilitate the impersonation of legitimate web sites in order to steal sensitive information from unsuspecting users.
|
|
|
|
It is reported that the weakness exists when form method GET action URI's that are appended with the %2F encoded character, several space characters and an appended '.' URI are followed.
|
|
|
|
Mozilla 1.6 and 1.7rc3 for Windows and Firefox 0.8 and 0.9rc for Windows are reportedly affected by this issue.
|
|
|
|
http://[trusted_site]%2F%20%20%20.[malicious_site]/ |