[vox-tech] New phishing vulnerability

Larry Ozeran vox-tech@lists.lugod.org
Sat, 13 Dec 2003 21:49:11 -0800


NS 4.7 shows the entire address in the status bar when hovering over the
link and does not appear to be affected by the %00 bug.

- Larry

At 02:18 AM 12/13/03 +0000, you wrote:
>On Fri, Dec 12, 2003 at 04:52:52PM -0800, Larry Ozeran wrote:
>> After clicking the "Click me" link in NS 4.7 my address bar shows:
>> http://www.paypal.com%00@wizardstower.net/
>
>But the question is what does it show in the status bar while hovering?
The 0x01 bug only affects IE, but the %00 bug affects both IE and Moz (at
least 1.5) I'd be interested what NS 4.7 does.
>_______________________________________________
>vox-tech mailing list
>vox-tech@lists.lugod.org
>http://lists.lugod.org/mailman/listinfo/vox-tech
>
>