header-logo
Suggest Exploit
vendor:
Mozilla and Firefox
by:
SecurityFocus
3.3
CVSS
MEDIUM
Link Obfuscation Weakness
20
CWE
Product Name: Mozilla and Firefox
Affected Version From: Mozilla 1.6 and Firefox 0.8
Affected Version To: Mozilla 1.7rc3 and Firefox 0.9rc
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows
2004

Mozilla Link Obfuscation Weakness

A weakness is reported in Mozilla that may allow an attacker to obfuscate the URI of a link. This could facilitate the impersonation of legitimate web sites in order to steal sensitive information from unsuspecting users. It is reported that the weakness exists when form method GET action URI's that are appended with the %2F encoded character, several space characters and an appended '.' URI are followed.

Mitigation:

Ensure that all links are properly validated and that any suspicious links are blocked.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/10532/info

A weakness is reported in Mozilla that may allow an attacker to obfuscate the URI of a link. This could facilitate the impersonation of legitimate web sites in order to steal sensitive information from unsuspecting users. 

It is reported that the weakness exists when form method GET action URI's that are appended with the %2F encoded character, several space characters and an appended '.' URI are followed.

Mozilla 1.6 and 1.7rc3 for Windows and Firefox 0.8 and 0.9rc for Windows are reportedly affected by this issue.

http://[trusted_site]%2F%20%20%20.[malicious_site]/