link: http://toolbar.netcraft.com/
The Netcraft toolbar may not run on FF 3.0b2.
In about:config create a new boolean extensions.checkUpdateSecurity and set its value to false
Nota Bene: You need to be aware that this bypasses a security measure, potentially someone could replace an add-on update with some malware. See: https://bugzilla.mozilla.org/show_bug.cgi?id=378216
Downloadlink for Netcraft toolbar add-on: http://toolbar.netcraft.com/
Well I don’t have the Netcraft toolbar just FF 2.0.0.13 and I got a warning, see image. I don’t know if this has anything to do with NoScript, possibly XSS protection.
I even clicked Yes just to see if the test would work, but even doing this I didn’t seem to have the vulnerability as I ended back at the same page and not displaying microsoft.com in my address bar.
Since this is supposed to be an IE test what is the reason for suggesting we try it using FF or flock ?
Also, notice that your status bar (lower left corner of IE) only displays "http://www.microsoft.com" when holding the mouse cursor over the link.
This too fails as my status bar shows the full munged URL.
You may not need the netcraft toolbar, just try the test first without it. I don’t have it and my standard version of FF didn’t fall for the vulnerability, read my post again.
In FF3b4 without netcraft (impossible to install anyway) the link looks like normal, no phishing at all. We need an urgent update from Netcraft here!!! :
And when I try to proceed, there comes a warning with yes/no buttons.
You are about to log in to the site "secunia.com" with the username "www%2Emicrosoft%2Ecom%01%00", but the website does not require authentication. This may be an attempt to trick you.
@ Rumpelstiltskin
From your reply #5 it looks like you failed the test rather than passed as you mentioned the link looks normal, normal would have been only seeing microsoft.com and not secunia.
You are also getting an alert about possible trick, so again you are passing the test. So a0 you don’t need the netcraft toolbar and they theoretically don’t need to update it to work with the beta as the beta passes the test.
I wonder if there is a strange bug in your Firefox. ;D I may have quoted gdiloren’s post at reply #5 but didn’t write it by myself: You appear to have mistaken me for gdiloren.
Clicking the link should really have given a Confirmation window, Yes, No with the text that it might be trying to trick you. Like the image that I posted.
However, at least the status bar displays that the link is somewhat strange and that it doesn’t display and shows clearly in the address bar. So I would say that was a ‘qualified’ success.