Security Vulnerability found

b3rito b3rito at mes3hacklab.org
Sun Mar 20 12:48:57 EDT 2016


Hi,
I found a security vulnerability which can unmask and infect any user
even if he is under Tor.

This vulnerability consists of editing the href of a URL/word and pointing
it to any website.

Scenarios of misuse:

1) prepare a browser exploit on a server and send a link to the victim. If
the victim clicks on the URL which seems legit (like www.pidgin.im) he
will be redirected to the attacker's server and hopefully be infected.

2) if a user uses Pidgin and chats via Tor, the user could reveal its IP
address by clicking on a "legit" URL sent by the attacker (if the browser is
not configured to navigate via Tor).



It is not that easy to explain how to generate the "bad url" so I would
like to ask you if it is possible to show it to you.

Please let me know and I would prefer to continue this conversation via
jabber + otr


Best regards


b3rito

jabber: b3rito at jabber.ccc.de
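
The report above concerns link text that names one site while the href points to another. As an added example (not part of the original message and not Pidgin's code), a receiving client or log reviewer could flag such anchors as sketched below; it assumes messages arrive as HTML markup, and the names `host_of` and `mismatched_links` and the sample hosts are hypothetical.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Visible text that looks like a host name or URL, e.g. "www.pidgin.im"
HOSTLIKE = re.compile(
    r"^(?:[a-z][a-z0-9+.-]*://)?((?:[a-z0-9-]+\.)+[a-z]{2,})(?:[:/?#].*)?$", re.I)

def _norm(host):
    """Lower-case a host and drop a leading 'www.' so trivial variants compare equal."""
    host = (host or "").lower()
    return host[4:] if host.startswith("www.") else host

def host_of(label):
    """Return the host a visible label claims to name, or None if it names none."""
    m = HOSTLIKE.match(label.strip())
    return _norm(m.group(1)) if m else None

class AnchorAudit(HTMLParser):
    """Collects (label, href) pairs where the label names a different host than the href."""
    def __init__(self):
        super().__init__()
        self.findings, self._href, self._text = [], None, []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href") or "", []

    def handle_data(self, data):
        if self._href is not None:      # only text inside an open <a> counts
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag != "a" or self._href is None:
            return
        label = "".join(self._text).strip()
        shown = host_of(label)
        try:
            target = _norm(urlsplit(self._href).hostname)
        except ValueError:              # malformed href: treat as unknown host
            target = ""
        if shown and shown != target:   # label claims a host the href does not go to
            self.findings.append((label, self._href))
        self._href = None

def mismatched_links(markup):
    audit = AnchorAudit()
    audit.feed(markup)
    audit.close()
    return audit.findings

# Constructed sample messages (not taken from the report)
SAMPLE_OK = '<a href="https://www.pidgin.im/">www.pidgin.im</a>'
SAMPLE_BAD = 'see <a href="http://attacker.example/x">www.pidgin.im</a>'
```

Labels that do not look like a host (for example "click here") are deliberately not flagged, since they make no claim about the destination.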



