CSS Handling Status Bar Spoofing for 5 years

CSS Handling Status Bar Spoofing, I found this interesting vulnerability 5 years ago, and now it still exists.When the key UI module of the browser can be controled by the user , I think it is dangerous,such as the orgin of the dialog box, etc..Of course the status bar of the browser is different from the traditional browser URL spoof,it is more like a logical error in design,which led to the attacker can use CSS to draw a exactly the same status bar.Although it’s not as serious as you think about it.But I still stick to my point of view, when an attacker can control the UI module of the browser , the phishing attack may happen at any time.

Now you can try CSS Handling Status Bar Spoofing 

References:
Microsoft Internet Explorer CSS Handling Status Bar Spoofing Vulnerability
http://www.securityfocus.com/bid/47547
Google Chrome CSS Handling Status Bar Spoofing Vulnerability
http://www.securityfocus.com/bid/47548
Mozilla Firefox CSS Handling Status Bar Spoofing Vulnerability
http://www.securityfocus.com/bid/47549

发表评论

电子邮件地址不会被公开。 必填项已用*标注