CVE-2004-1451

Mozilla before 1.6 does not display the entire URL in the status bar when a link contains %00, which could allow remote attackers to trick users into clicking on unknown or untrusted sites and facilitate phishing attacks.

Date published : 2005-02-13

http://bugzilla.mozilla.org/show_bug.cgi?id=228176

http://www.mozilla.org/projects/security/known-vulnerabilities.html