What steps will reproduce the problem?
1. Create an HTML doc with some HTML code
2. Open this HTML and click on the "prepared" link
3.
What is the expected output? What do you see instead?
The browser shows the real URL. But it has a weakness and an attacker can show an empty
URL.
This weakness can be used for phishing or spoofing attacks because you can think
that you are on Bank of America, for example, and the browser doesn't show anything
in the URL :) See qt1.jpg
Also, an attacker can compose a popup with the attributes
'toolbar=0,scrollbars=0,location=0,statusbar=0,menubar=0' and it can also be used
for spoofing or phishing attacks. See qt2.jpg
I have a Proof of Concept for this issue...
What version of the product are you using? On what operating system?
QTweb 3.7.2 and 3.7.3 (build 087) and possibly prior versions.
Please provide any additional information below.
Original issue reported on code.google.com by lost...@gmail.com on 28 Sep 2011 at 4:46