Firefox: about:blank is Phisher's Best Friend


Firefox suffers from a design flaw that can be used to confuse casual users and evoke a false sense of authority when visiting a fraudulent website. The flaw can be also used to bypass a fix for an old UI spoofing bug that was thought to be addressed.

It is possible for a script to open 'about:blank' URL in a new tab; this tab will be opened with a blank address bar (the behavior is different for new windows, where the bar will be grayed out or hidden).
SecuriTeamô - Firefox: about:blank is Phisher's Best Friend

Linked by shanmuga Friday, 23rd February 2007 7:16PM