GNOME Bugzilla – Bug 123712
Fraud prevention feature
Last modified: 2004-12-22 21:47:04 UTC
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=212755 requests:

Please forward upstream:

Every HTTP URL can be written in the form

    username:password@host

It is very possible that username could be filled in with something that looks like a legitimate host, and host could be filled in with a malicious host. An example of this:

    http://www.citibank.com:ac=VybznNffNxknAUxPrfE2jYaQUptJ@a3ksd.PiSeM.NeT/

This real fraud site has disguised its malicious host in such a way that most ordinary users would not recognize that it is not really citibank.com's website.

It has been reported (in discussion on vox-tech@lists.lugod.org) that Opera has a feature where specifying a username in the URL will cause a dialog box to pop up warning of this, like so:

    Security warning:
    You are about to go to an address containing a username.
    Username: www.citibank.com
    Server: a3ksd.pisem.net
    Are you sure you want to go to this address?

Could you add a feature like this to Galeon to help users more easily protect themselves against fraud?
http://bugzilla.mozilla.org/show_bug.cgi?id=122445
I'm pretty sure this is implemented in Mozilla 1.7; I get a dialog box warning me that I'm going to a3ksd.whatever and not citibank.com. However, clicking No still opens the site...
This is properly fixed in 1.7.5: https://bugzilla.mozilla.org/show_bug.cgi?id=263263
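
The check requested in the report, as an added example (not Galeon, Mozilla or Opera code): it parses a URL and, when userinfo precedes the host, builds a warning worded like the Opera dialog quoted in the report and allows the load only on an explicit confirmation. The function names are hypothetical.

```javascript
// Added example; looksLikeHost, safeDecode, checkUserinfo and resolveNavigation
// are hypothetical names, not part of any browser's code.

// True when userinfo text is shaped like a hostname, the disguise described in the report.
function looksLikeHost(text) {
  return /^[a-z0-9-]+(\.[a-z0-9-]+)+$/i.test(text);
}

// Percent-decode for display; fall back to the raw text on malformed escapes.
function safeDecode(text) {
  try { return decodeURIComponent(text); } catch (e) { return text; }
}

// Classify a URL: "allow", "confirm" (userinfo present) or "block" (unparseable).
function checkUserinfo(rawUrl) {
  let url;
  try { url = new URL(rawUrl); } catch (e) { return { action: "block" }; }
  const isHttp = url.protocol === "http:" || url.protocol === "https:";
  if (!isHttp || (url.username === "" && url.password === "")) {
    return { action: "allow", server: url.hostname };
  }
  const username = safeDecode(url.username);
  return {
    action: "confirm",
    username,
    server: url.hostname, // the host that will actually be contacted
    deceptive: looksLikeHost(username),
    message: "You are about to go to an address containing a username.\n" +
      `Username: ${username}\nServer: ${url.hostname}\n` +
      "Are you sure you want to go to this address?",
  };
}

// Return the URL to load, or null. Only an explicit true from confirmFn proceeds,
// so answering "No" can never fall through to a page load.
function resolveNavigation(rawUrl, confirmFn) {
  const verdict = checkUserinfo(rawUrl);
  if (verdict.action === "allow") return rawUrl;
  if (verdict.action === "confirm" && confirmFn(verdict) === true) return rawUrl;
  return null;
}

// The URL quoted in the report.
const reported = "http://www.citibank.com:ac=VybznNffNxknAUxPrfE2jYaQUptJ@a3ksd.PiSeM.NeT/";
console.log(checkUserinfo(reported).message);
console.log(resolveNavigation(reported, () => false)); // null
```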