possible URL-spoofing because of font-rendering
Bug #342456 reported by
fx5
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| firefox-3.0 (Ubuntu) |
Fix Released
|
Undecided
|
Unassigned | ||
Bug Description
Binary package hint: firefox-3.0
This has to do with font-choice (and themes) and font-rendering, but I think it should be fixed in the browsers.
Using ubuntus default font, two "v"-chars together look much like one "w". In fact not really for me, but i think for an average user it works.
Example: https:/
This looks much like a secure Website of online-webbank, but in fact it isn't.
Maybe you could add small spaces between all characters in the url-bar?
I was unable to reproduce this problem using firefox for windows, even when i tried out some other fonts.
Revision history for this message
| Kees Cook (kees) wrote | #1 |
| security vulnerability: | yes → no |
| visibility: | private → public |
Revision history for this message
| fx5 (packaging) wrote | #2 |
| Changed in firefox-3.0 (Ubuntu): | |
| status: | New → Fix Released |
To post a comment you must log in.
Thanks for taking the time to report this bug and helping to make Ubuntu better. We appreciate the problem you are report, but this is not really a security problem; it should be handled as a regular bug. I have unmarked it as a security issue. Please feel free to report any other bugs you may find.