Ken Hollis (aka Gandalf) wrote: > Has anybody seen this before? I know that the mouseover issues ... > > [FORM action=http://malicious/stuff] > [a href="https://trusted/site";] > [INPUT ...][/a] Does not seem to be a mouseover issue, but seems identical to Internet Explorer/Outlook Express Restricted Zone Status Bar Spoofing http://secunia.com/advisories/11273/ (known, unpatched, since 2004). Cheers, Paul Szabo psz@xxxxxxxxxxxxxxxxx http://www.maths.usyd.edu.au/u/psz/ School of Mathematics and Statistics University of Sydney Australia
