Mozilla Browser 1.6/1.7 - URI Obfuscation

EDB-ID:

24196

CVE:

N/A


Platform:

Windows

Published:

2004-06-14

source: http://www.securityfocus.com/bid/10532/info

A weakness is reported in Mozilla that may allow an attacker to obfuscate the URI of a link. This could facilitate the impersonation of legitimate web sites in order to steal sensitive information from unsuspecting users. 

It is reported that the weakness exists when form method GET action URI's that are appended with the %2F encoded character, several space characters and an appended '.' URI are followed.

Mozilla 1.6 and 1.7rc3 for Windows and Firefox 0.8 and 0.9rc for Windows are reportedly affected by this issue.

http://[trusted_site]%2F%20%20%20.[malicious_site]/