[Pidgin] #8252: Pidgin nickname html insertion
Pidgin
trac at pidgin.im
Mon Jan 26 17:18:53 EST 2009
#8252: Pidgin nickname html insertion
----------------------+-----------------------------------------------------
Reporter: jdstrand | Owner: lschiere
Type: defect | Status: closed
Milestone: | Component: unclassified
Version: 2.5.2 | Resolution: invalid
Keywords: | Launchpad_bug:
----------------------+-----------------------------------------------------
Changes (by datallah):
* status: new => closed
* resolution: => invalid
Comment:
There is no vulnerability here.
No html code is "executed".
There is no way that this can be used to directly steal anything.
The only possible problem could be that the user could click on the link
and have the URL passed to the browser be something other than what linked
text says. (Granted this could be confusing and there are phishing schemes
that try to do this to steal passwords and etc., but there isn't really
much that Pidgin can reasonably do about this)
The same "vulnerability" exists in any HTML email or web page.
--
Ticket URL: <http://developer.pidgin.im/ticket/8252#comment:1>
Pidgin <http://pidgin.im>
Pidgin
More information about the Tracker
mailing list