Re: Microsoft Internet Explorer ImageMap URL Spoof Vulnerability

[Jan Kluka <kluka () no-junk-please ii fmph uniba sk>]

On Mon, May 17, 2004 at 01:09:21PM -0800, thegeekmeister () SAFe-mail net wrote:
> i find that this apparently works just the same in mozilla firefox on gentoo linux 2004.1.  the only way to detect 
> that this is an image, or an image map, at all is to look at the source, or to select the text, as right clicking 
> does not allow saving image or copying image location.

It does NOT work in Mozilla Firefox 0.8 (official GNU/Linux gtk2+xft
build).  If the cursor is in certain area _around_ the link, the statusbar
shows http://www.microsoft.com/, but when the cursor points _at_ the link,
the statusbar shows http://www.linux.com/.
                                                Jan

> -------- Original Message --------
> From: Kurczaba Associates advisories <advisories () kurczaba com>
> Apparently from: bugtraq-return-14371-thegeekmeister=safe-mail.net () securityfocus com
> To: bugtraq () securityfocus com
> Subject: Microsoft Internet Explorer ImageMap URL Spoof Vulnerability
> Date: Mon, 17 May 2004 14:14:32 -0400
>
> > Microsoft Internet Explorer ImageMap URL Spoof Vulnerability
> >
> > http://www.kurczaba.com/securityadvisories/0405132.htm
> > -------------------------------------------------------------
> >
> > Vulnerability ID Number:
> > 0405132
> >
> >
> > Overview:
> > A vulnerability has been found in Microsoft Internet Explorer. A 
> > specially coded ImageMap can be used to spoof the URL displayed in the 
> > lower, left hand corner of the browser.
(...)