Mozilla developers have eased concerns about the severity of a security feature in Firefox that often fails to warn users when they've encountered obfuscated URLs that might lead to malicious websites. Developers of the open-source browser have known of the URL warning bypass since at least June, when it was reported here. Under …
The link Sood referred to is for a vulnerability that was fixed before chrome reached version 1 (it's specifically referring to version 0.2.149.xx, some of the earlier beta builds). It's now at version 6 in the dev branch, and should be released as version 6 within the next few weeks.
The fact that Google felt this was worthwhile to patch nearly two years ago should tell them something. At the very least they should have checked to see if that flaw still existed before making themselves look silly in an attempt to downplay the fact that their browser was found to be vulnerable to it.
Obfuscating URLs which aren't displayed?
AFAIK obfuscated URLs are only used to reassure the user that they are visiting one site when in fact they're visiting another by showing something which looks legit in the address bar but isn't (using some of the more exotic syntax features that URLs offer).
What would be the benefit of obfuscating a URL in an iframe? Iframes don't have address bars and the browser's phishing filter would display a warning anyway. If a browser does put obfuscation protection on iframes then it can be gotten round by not obfuscating it.
Or is there something I'm missing?
- +Comment Trips to Mars may be OFF: The SUN has changed in a way we've NEVER SEEN
- Vid Google opens Inbox – email for people too stupid to use email
- Pic Forget the $2499 5K iMac – today we reveal Apple's most expensive computer to date
- RUMPY PUMPY: Bone says humans BONED Neanderthals 50,000 years B.C.
- Is your home or office internet gateway one of '1.2 MILLION' wide open to hijacking?