https://bugzilla.wikimedia.org/show_bug.cgi?id=48931
--- Comment #3 from Michael M. <listenle...@gmail.com> ---
(In reply to comment #2)
> I think the more likely attack is that the evil script changes the links to
> those pages, shows a fake form, which then ships the password off to the
> attacker.

Well, those links are on [[Special:SpecialPages#Users_and_rights]], too, though probably more users will go through their preferences. Anyway, an email "Somebody is trying to crack your (Wikipedia|...) password [that's not even a lie!], please visit <fake address> and change it!" sent to many users, is much easier than changing links.

In IE in quirks mode you can also execute javascript using CSS:

.mw-special-Preferences { color:expression(importScript("...")); }
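
Added example, not part of the original comment and not MediaWiki's own code: a filter for user-supplied CSS that looks for the `expression(` construct mentioned above has to decode CSS escapes and strip comments before matching, otherwise the keyword can be hidden from a plain substring check. The function names `normalize_css` and `has_expression` and all sample rules are constructed for illustration.

```python
import re

# Constructed samples; "plain" mirrors the rule quoted in the comment above.
SAMPLES = {
    "plain": '.mw-special-Preferences { color:expression(importScript("...")); }',
    "comment_split": ".x { color: expr/* */ession(1); }",
    "hex_escape": r".x { color: e\78pression(1); }",
    "benign": ".mw-special-Preferences { color: #333; }",
}

# CSS hex escape: backslash, 1-6 hex digits, optional single whitespace.
_HEX_ESCAPE = re.compile(r"\\([0-9A-Fa-f]{1,6})[ \t\r\n\f]?")
# CSS character escape: backslash followed by any non-hex, non-newline char.
_CHAR_ESCAPE = re.compile(r"\\([^\r\n\f0-9A-Fa-f])")
_COMMENT = re.compile(r"/\*.*?\*/", re.S)
_EXPRESSION = re.compile(r"expression\s*\(", re.I)


def _decode_hex(match):
    """Turn one hex escape into its character, or U+FFFD if out of range."""
    cp = int(match.group(1), 16)
    valid = 0 < cp <= 0x10FFFF and not 0xD800 <= cp <= 0xDFFF
    return chr(cp) if valid else "\ufffd"


def normalize_css(css):
    """Decode escapes and drop comments until the text stops changing."""
    prev = None
    # Every substitution shortens the string, so this loop terminates.
    while prev != css:
        prev = css
        css = _HEX_ESCAPE.sub(_decode_hex, css)
        css = _CHAR_ESCAPE.sub(r"\1", css)
        css = _COMMENT.sub("", css)
    return css


def has_expression(css):
    """True if the normalized stylesheet contains an expression( call."""
    return bool(_EXPRESSION.search(normalize_css(css)))


if __name__ == "__main__":
    for name, rule in SAMPLES.items():
        print(f"{name:14} flagged={has_expression(rule)}")
```
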