Mozilla Browser 1.5 - URI MouseOver Obfuscation

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1054290 漏洞类型
发布时间 2003-12-11 更新时间 2003-12-11
CVE编号 N/A CNNVD-ID N/A
漏洞平台 Multiple CVSS评分 N/A
|漏洞来源
https://www.exploit-db.com/exploits/23433
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
source: http://www.securityfocus.com/bid/9203/info

It has been discovered that the Mozilla browser is prone to a URI obfuscation weakness that may hide the true contents of a link. The problem occurs when a user@location URI is formatted in such a way that a NULL byte is located after the user value. It is said that, when doing a mouseover of such a URI, it will cause it to only display the contents of the user value, not the entire link.

This could be used in conjunction with other URI obfuscation attacks and browser vulnerabilities to trick a user into following a malicious link. 

http://www.trusted.com%00@www.malicious.com