Information, OpenSourceSoftware, Security

Status Bar Obfuscation / Clickjacking in Firefox

I posted this as a test on my site, to show this funky behavior in Firefox to my friends:
http://download.gamelinux.org/code/mozilla/mz.html

Its modified from MrDougs code found on Milw0rm, to be a bit more local (Norway ftw).

It looks like a link to the Norwegian web of Skandiabanken (Internet based bank), but its really not… The status bar will as well tell you that the link points to Skandiabanken.. but clicking on it, will take you to http://www.gamelinux.org/. This is just to demonstrate the bug, and not to harm anyone or any thing… Its harmless 🙂

I posted it on January 21th 2009, but still (6th of February 2009) my Firefox v3.0.5 (Ubuntu Hardy) + NoScript v1.9.0.1 is acting funky…

Status Bar Obfuscation / Clickjacking in Firefox

Don’t believe what you click!

Advertisements
Standard

2 thoughts on “Status Bar Obfuscation / Clickjacking in Firefox

  1. Sure, but why isn’t this a simpler equivalent?

    (pointies removed so it displays as html code)

    a href=”http://www.skandiabanken.no/”
    onclick=”document.location=’http://www.gamelinux.org/’; return false”

    Like

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s