Bug#382001: Location bar can be spoofed

2007-03-07 Thread Florian Weimer
* Eric Dorland: >> It turns out that I was wrong. Microsoft Internet Explorer 7 made >> that change (and should have absorbed most of the call center costs by >> now). > > Doesn't seem like upstream considers it that serious a problem. Yep. Too easy to fix, probably. Michal Zalweski recently p

Bug#382001: Location bar can be spoofed

2007-03-07 Thread Eric Dorland
reassign 382001 iceweasel forwarded 382001 https://bugzilla.mozilla.org/show_bug.cgi?id=266547 thanks * Florian Weimer ([EMAIL PROTECTED]) wrote: > * Eric Dorland: > > > Some future Firefox version? Where have you seen that? > > It turns out that I was wrong. Microsoft Internet Explorer 7 mad

Bug#382001: Location bar can be spoofed

2007-02-20 Thread Florian Weimer
* Eric Dorland: > Some future Firefox version? Where have you seen that? It turns out that I was wrong. Microsoft Internet Explorer 7 made that change (and should have absorbed most of the call center costs by now). -- Florian Weimer<[EMAIL PROTECTED]> BFK edv-consulting GmbH

Bug#382001: Location bar can be spoofed

2006-09-13 Thread Eric Dorland
* Florian Weimer ([EMAIL PROTECTED]) wrote: > * Eric Dorland: > > > I don't think the fact that it's now yellow makes that much of a > > difference. This feature has been around for a while, I think you need > > to come up with something more concrete. > > What about this? Every consumer educat

Bug#382001: Location bar can be spoofed

2006-09-12 Thread Florian Weimer
* Eric Dorland: > I don't think the fact that it's now yellow makes that much of a > difference. This feature has been around for a while, I think you need > to come up with something more concrete. What about this? Every consumer education resource on phishing recommends to check the URL of th

Bug#382001: Location bar can be spoofed

2006-08-14 Thread Eric Dorland
* Florian Weimer ([EMAIL PROTECTED]) wrote: > * Eric Dorland: > > > I'm not entirely understanding the spoof part of the attack. The > > address bar has been hideable by popups since the Netscape 4 days, is > > this actually a problem? > > It's become a problem recently because with the advent o

Bug#382001: Location bar can be spoofed

2006-08-13 Thread Florian Weimer
* Eric Dorland: > I'm not entirely understanding the spoof part of the attack. The > address bar has been hideable by popups since the Netscape 4 days, is > this actually a problem? It's become a problem recently because with the advent of the yellow location bar, users use it to recognize secur

Bug#382001: Location bar can be spoofed

2006-08-13 Thread Eric Dorland
* Florian Weimer ([EMAIL PROTECTED]) wrote: > Package: firefox > Version: 1.5.dfsg+1.5.0.6-1 > Severity: important > Tags: security > > The location bar can be spoofed, which means that the "yellow URL > input field on TLS" security feature is useless. To reproduce this, > visit http://www.nation

Bug#382001: Location bar can be spoofed

2006-08-08 Thread Florian Weimer
Package: firefox Version: 1.5.dfsg+1.5.0.6-1 Severity: important Tags: security The location bar can be spoofed, which means that the "yellow URL input field on TLS" security feature is useless. To reproduce this, visit http://www.national.com.au/ and click on first "Login" link at the upper righ