Re: Security Problem?

Mon, 28 Feb 2011 15:35:21 -0800 

On 2/28/2011 4:56 PM, Daniel Veditz wrote:

On 2/25/11 8:40 PM, Gus Richter wrote:

The question I have is this:
1. This is MY Bookmarks Toolbar and includes links of MY choosing.
How is it possible that one of my links can be changed by some
outside source?
2. If it is as easy as it seems, then could a destructive change
(read security problem) also be possible?


You don't say where your bookmark linked nor where you ended up,


As I clearly pointed out, it linked/sent me to:
   <http://www.mail.com/int/?ls=nvd#.1258-bluestripe-login1-undef>


but
a web site you link to can always add a redirect on their end at any
time.


Of course I know this. I would not post for something simple as that.


The bookmark itself doesn't change, but where you end up does.


I'm reporting that the bookmark and associated icon both did change:


"the link in the Bookmarks Toolbar changed its icon and actually changed 
the link to the Mail.com log-in page and sent me there."



The Navigation Toolbar reflected the different unrequested destination 
and the Bookmarks Toolbar also changed to the same different unrequested 
destination as well as the associated icon.



The icon shown is refreshed when the bookmark code thinks the page
loaded changed its icon.


Yes, yes, I understand all that. This is not a simple case such as this.

Once more, I had this link with associated icon in my Bookmarks Toolbar:

   <https://my.screenname.aol.com/_cqr/login/login.psp>

I clicked on it and it sent me to:

   <http://www.mail.com/int/?ls=nvd#.1258-bluestripe-login1-undef>


and it physically changed the link and associated icon to the latter, 
*in the bookmark*.



I thought at that moment that AOL had dumped all AOL Mail users onto 
another outfit, since I had read something many weeks ago about them 
associating themselves with another mail outfit and that the new outfit 
wanted us AOL users to register in with them. I did not want to do this, 
so I checked into this further and I found that AOL still had up their 
own log-in page. I tried it out and it worked just fine with all my 
saved mail still intact there. As I tried to explain, I then bookmarked 
(AOL.com) anew and then deleted the unwanted (MAIL.com) bookmark.


I hope I have made myself clear enough this time.

--
Gus

_______________________________________________
dev-security mailing list
dev-security@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security






















					Reply via email to