Mozilla Firefox 1.0.1 and possibly other versions, including Mozilla and Thunderbird, allows remote attackers to spoof the URL in the Status Bar via an A HREF tag that contains a TABLE tag that contains another A tag.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Firefox | Mozilla | 0.8 (including) | 0.8 (including) |
| Firefox | Mozilla | 0.9 (including) | 0.9 (including) |
| Firefox | Mozilla | 0.9-rc (including) | 0.9-rc (including) |
| Firefox | Mozilla | 0.9.1 (including) | 0.9.1 (including) |
| Firefox | Mozilla | 0.9.2 (including) | 0.9.2 (including) |
| Firefox | Mozilla | 0.9.3 (including) | 0.9.3 (including) |
| Firefox | Mozilla | 0.10 (including) | 0.10 (including) |
| Firefox | Mozilla | 0.10.1 (including) | 0.10.1 (including) |
| Firefox | Mozilla | 1.0 (including) | 1.0 (including) |
| Firefox | Mozilla | 1.0.1 (including) | 1.0.1 (including) |
| Firefox | Mozilla | preview_release (including) | preview_release (including) |
| Mozilla | Mozilla | 1.7.3 (including) | 1.7.3 (including) |
| Mozilla | Mozilla | 1.7.4 (including) | 1.7.4 (including) |
| Mozilla | Mozilla | 1.7.5 (including) | 1.7.5 (including) |
| Mozilla | Mozilla | 1.7.6 (including) | 1.7.6 (including) |
| Thunderbird | Mozilla | 0.6 (including) | 0.6 (including) |
| Thunderbird | Mozilla | 0.7 (including) | 0.7 (including) |
| Thunderbird | Mozilla | 0.7.1 (including) | 0.7.1 (including) |
| Thunderbird | Mozilla | 0.7.2 (including) | 0.7.2 (including) |
| Thunderbird | Mozilla | 0.7.3 (including) | 0.7.3 (including) |
| Thunderbird | Mozilla | 0.8 (including) | 0.8 (including) |
| Thunderbird | Mozilla | 0.9 (including) | 0.9 (including) |
| Thunderbird | Mozilla | 1.0 (including) | 1.0 (including) |
| Thunderbird | Mozilla | 1.0.1 (including) | 1.0.1 (including) |
| Mozilla | Ubuntu | dapper | * |
| Mozilla | Ubuntu | edgy | * |