Mozilla developers have eased concerns about the severity of a security feature in Firefox that often fails to warn users when they've encountered obfuscated URLs that might lead to malicious websites. Developers of the open-source browser have known of the URL warning bypass since at least June, when it was reported here. Under …
The link Sood referred to is for a vulnerability that was fixed before chrome reached version 1 (it's specifically referring to version 0.2.149.xx, some of the earlier beta builds). It's now at version 6 in the dev branch, and should be released as version 6 within the next few weeks.
The fact that Google felt this was worthwhile to patch nearly two years ago should tell them something. At the very least they should have checked to see if that flaw still existed before making themselves look silly in an attempt to downplay the fact that their browser was found to be vulnerable to it.
Obfuscating URLs which aren't displayed?
AFAIK obfuscated URLs are only used to reassure the user that they are visiting one site when in fact they're visiting another by showing something which looks legit in the address bar but isn't (using some of the more exotic syntax features that URLs offer).
What would be the benefit of obfuscating a URL in an iframe? Iframes don't have address bars and the browser's phishing filter would display a warning anyway. If a browser does put obfuscation protection on iframes then it can be gotten round by not obfuscating it.
Or is there something I'm missing?
- Review Is it an iPad? Is it a MacBook Air? No, it's a Surface Pro 3
- Hello, police, El Reg here. Are we a bunch of terrorists now?
- Microsoft refuses to confirm 'Windows 9' unzip lip slip
- The Register to boldly go where no Vulture has gone before: The WEEKEND
- Netflix swallows yet another bitter pill, inks peering deal with TWC