On Mon, May 17, 2004 at 01:09:21PM -0800, thegeekmeister@xxxxxxxxxxxxx wrote:
> i find that this apparently works just the same in mozilla firefox on gentoo
> linux 2004.1. the only way to detect that this is an image, or an image map,
> at all is to look at the source, or to select the text, as right clicking
> does not allow saving image or copying image location.
It does NOT work in Mozilla Firefox 0.8 (official GNU/Linux gtk2+xft
build). If the cursor is in certain area _around_ the link, the statusbar
shows http://www.microsoft.com/, but when the cursor points _at_ the link,
the statusbar shows http://www.linux.com/.
Jan
>
> -------- Original Message --------
> From: Kurczaba Associates advisories <advisories@xxxxxxxxxxxx>
> Apparently from:
> bugtraq-return-14371-thegeekmeister=safe-mail.net@xxxxxxxxxxxxxxxxx
> To: bugtraq@xxxxxxxxxxxxxxxxx
> Subject: Microsoft Internet Explorer ImageMap URL Spoof Vulnerability
> Date: Mon, 17 May 2004 14:14:32 -0400
>
> > Microsoft Internet Explorer ImageMap URL Spoof Vulnerability
> >
> > http://www.kurczaba.com/securityadvisories/0405132.htm
> > -------------------------------------------------------------
> >
> > Vulnerability ID Number:
> > 0405132
> >
> >
> > Overview:
> > A vulnerability has been found in Microsoft Internet Explorer. A
> > specially coded ImageMap can be used to spoof the URL displayed in the
> > lower, left hand corner of the browser.
> >
(...)