And another IE flaw...

A new Internet Explorer flaw is out... according to Netcraft, a new spoofing flaw in IE allows an improperly coded web link to send users to a different URL than the one displayed in the status bar.

If you create a link with HTML like this:

<a href="http://www.microsoft.com/"><table><tr><td><a href="http://www.demiliani.com/">Click here to go to Microsoft Website</td></tr></table></a>

you obtain this result:

Click here to go to Microsoft Website

As you can see (if you don't have XP SP2 installed), your browser displays "microsoft.com" in the status bar, but you're redirected to my personal website... an easy way to redirect users wherever you want, accessible to anyone who knows a little bit of HTML.

The flaw affects versions of IE up to 6.0.2800.1106. Users running Windows XP SP2 (IE version 6.0.2900) and the open source Firefox and Mozilla browsers are not affected.

I hope for a patch, because there are a lot of machines that do not have XP SP2 installed...

UPDATE: Firefox also has a flaw like this...

If you create a link with this format:

<a href="http://www.microsoft.com/"><table><tr><td><a href="http://www.demiliani.com/">Click here to go to Microsoft Website</a></td></tr></table></a>

you obtain this link:

Click here to go to Microsoft Website

If you open the link in the current tab in Firefox, it works correctly and you are redirected to Microsoft.com, but if you open the link in a new tab, you are redirected to my personal website.

I hope that the new Firefox version expected on the 9th of November will be patched.

Posted on Saturday, October 30, 2004 1:16 PM
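
A defensive check for the link shape shown above, as an added example that is not part of the original post: it walks markup with Python's standard html.parser and reports any <a> opened inside another <a> whose host differs, which covers both the unclosed and the closed variant. The class and function names and the sample strings are constructed for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

def host_of(href):
    """Lower-cased host of an absolute URL; '' for relative or empty links."""
    return (urlsplit(href.strip()).hostname or "").lower()

class NestedAnchorAuditor(HTMLParser):
    """Flags an <a> opened inside another <a> when the two hosts differ."""

    def __init__(self):
        super().__init__()
        self.open_hosts = []   # hosts of <a> elements not yet closed
        self.findings = []     # (outer_host, inner_host, line_number)

    def handle_starttag(self, tag, attrs):
        if tag != "a":
            return
        inner = host_of(dict(attrs).get("href") or "")
        # Compare against the nearest enclosing anchor that has a host.
        outer = next((h for h in reversed(self.open_hosts) if h), "")
        if inner and outer and inner != outer:
            self.findings.append((outer, inner, self.getpos()[0]))
        self.open_hosts.append(inner)

    def handle_endtag(self, tag):
        # A missing inner </a> (the unclosed variant) just leaves the stack deeper.
        if tag == "a" and self.open_hosts:
            self.open_hosts.pop()

def audit(html):
    """Return the list of mismatched nested anchors found in html."""
    auditor = NestedAnchorAuditor()
    auditor.feed(html)
    auditor.close()
    return auditor.findings

# Constructed samples: the page's two link shapes plus one benign fragment.
UNCLOSED = ('<a href="http://www.microsoft.com/"><table><tr><td>'
            '<a href="http://www.demiliani.com/">Click here to go to Microsoft Website'
            '</td></tr></table></a>')
CLOSED = UNCLOSED.replace("</td>", "</a></td>")
BENIGN = '<a href="http://www.microsoft.com/">one</a> <a href="/about">two</a>'

if __name__ == "__main__":
    for name, sample in (("unclosed", UNCLOSED), ("closed", CLOSED), ("benign", BENIGN)):
        print(name, audit(sample))
```

Run over stored comments or outgoing mail templates, a non-empty result means the link text sits under two competing destinations and should be rewritten or rejected before it is rendered.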

Comments on this post

# re: And another IE flaw...

Stefano, Firefox (and Safari it seems) are also affected. I got the info via Slashdot.

You just need to change the format of the HTML to...

<a href="http://www.microsoft.com/"><table><tr><td><a href="http://www.google.com/">http://www.microsoft .com</a></td></tr></table></a>

Then, when you try to open that link in a new tab, you end up on the wrong site.
Left by Senkwe on Oct 30, 2004 2:06 PM

# re: And another IE flaw...

Thanks... you're right... if you open the link you've posted in the same tab in Firefox, it works correctly, but if you open it in a new tab, you're redirected to the wrong site. I hope for a patch, but maybe the expected version 1.0 will work correctly.
Left by Stefano Demiliani on Oct 31, 2004 2:20 AM

# Update for Internet Explorer 6 for XP Service Pack 2

Update for Internet Explorer 6 for XP Service Pack 2
Left by Stefano Demiliani WeBlog on Nov 02, 2004 4:49 PM

# Update for Internet Explorer 6 for XP Service Pack 2

Left by Stefano Demiliani WeBlog on Jan 03, 2005 5:11 PM
