CWE-451: User Interface (UI) Misrepresentation of Critical Information

Class | Draft | Simple

CWE Version: 4.18

Last Updated: 2025-09-09

Description

The user interface (UI) does not properly represent critical information to the user, allowing the information - or its source - to be obscured or spoofed. This is often a component in phishing attacks.

Common Consequences

Scope: Non-Repudiation, Access Control

Technical Impact: Hide Activities, Bypass Protection Mechanism

Potential Mitigations

Phase: Implementation

Strategy: Input Validation

Description: Perform data validation (e.g. syntax, length, etc.) before interpreting the data.

Phase: Architecture and Design

Strategy: Output Encoding

Description: Create a strategy for presenting information, and plan for how to display unusual characters.
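As an added example that is not part of the CWE entry, the following JavaScript shows one way to apply both mitigations to an untrusted filename before a web client displays it: control characters (including NUL) are made visible, runs of whitespace are collapsed, and long names are truncated in the middle so the real extension always stays on screen, which covers the whitespace-padding, null-character and long-filename cases listed under Observed Examples. The function names, the `<U+XXXX>` marker format and the default length limit are assumptions, not something the entry prescribes.

```javascript
// Added example (not part of the CWE entry): render an untrusted filename so
// that control characters, whitespace padding and sheer length cannot hide
// the real extension. Marker format and limits below are assumptions.

// Replace every C0/C1 control character with a visible <U+XXXX> marker instead
// of letting the renderer silently drop it (e.g. a NUL that cuts the string).
function escapeControls(s) {
  return s.replace(/[\u0000-\u001f\u007f-\u009f]/g, (ch) => {
    const hex = ch.codePointAt(0).toString(16).toUpperCase().padStart(4, "0");
    return `<U+${hex}>`;
  });
}

// Collapse runs of whitespace so "invoice.pdf<200 spaces>.exe" cannot push
// the ".exe" outside the visible width of a dialog or list cell.
function collapseWhitespace(s) {
  return s.replace(/\s{2,}/g, " ");
}

// Split on the last dot; a leading dot (".bashrc") or trailing dot is no extension.
function splitExtension(name) {
  const i = name.lastIndexOf(".");
  if (i <= 0 || i === name.length - 1) return { base: name, ext: "" };
  return { base: name.slice(0, i), ext: name.slice(i + 1) };
}

// Truncate in the MIDDLE so both the start of the name and its tail survive.
function truncateMiddle(s, maxLen) {
  if (s.length <= maxLen) return s;
  const keep = maxLen - 3; // room for "..."
  const head = Math.ceil(keep / 2);
  const tail = keep - head;
  return s.slice(0, head) + "..." + s.slice(s.length - tail);
}

// Returns the string to show and the extension the UI should reason about.
function displayFilename(raw, maxLen = 40) {
  const cleaned = collapseWhitespace(escapeControls(String(raw))).trim();
  const { base, ext } = splitExtension(cleaned);
  const suffix = ext ? "." + ext : "";
  // The extension is never truncated; the base keeps at least 4 characters.
  const room = Math.max(maxLen - suffix.length, 4);
  return { display: truncateMiddle(base, room) + suffix, ext: ext.toLowerCase() };
}
```

The `ext` field is returned separately so that any warning logic keys off the same value the user actually sees, rather than off a raw string the renderer may have cut short.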

Observed Examples

Reference: CVE-2004-2227

Web browser's filename selection dialog only shows the beginning portion of long filenames, which can trick users into launching executables with dangerous extensions.

Reference: CVE-2001-0398

Attachment with many spaces in filename bypasses "dangerous content" warning and uses different icon. Likely resultant.

Reference: CVE-2001-0643

Misrepresentation and equivalence issue.

Reference: CVE-2005-0593

Lock spoofing from several different weaknesses.

Reference: CVE-2004-1104

Incorrect indicator: web browser can be tricked into presenting the wrong URL.

Reference: CVE-2005-0143

Incorrect indicator: Lock icon displayed when an insecure page loads a binary file loaded from a trusted site.

Reference: CVE-2005-0144

Incorrect indicator: Secure "lock" icon is presented for one channel, while an insecure page is being simultaneously loaded in another channel.

Reference: CVE-2004-0761

Incorrect indicator: Certain redirect sequences cause security lock icon to appear in web browser, even when page is not encrypted.

Reference: CVE-2004-2219

Incorrect indicator: Spoofing via multi-step attack that causes incorrect information to be displayed in browser address bar.

Reference: CVE-2004-0537

Overlay: Wide "favorites" icon can overlay and obscure address bar.

Reference: CVE-2005-2271

Visual distinction: Web browsers do not clearly associate a Javascript dialog box with the web page that generated it, allowing spoof of the source of the dialog. "origin validation error" of a sort?

Reference: CVE-2005-2272

Visual distinction: Web browsers do not clearly associate a Javascript dialog box with the web page that generated it, allowing spoof of the source of the dialog. "origin validation error" of a sort?

Reference: CVE-2005-2273

Visual distinction: Web browsers do not clearly associate a Javascript dialog box with the web page that generated it, allowing spoof of the source of the dialog. "origin validation error" of a sort?

Reference: CVE-2005-2274

Visual distinction: Web browsers do not clearly associate a Javascript dialog box with the web page that generated it, allowing spoof of the source of the dialog. "origin validation error" of a sort?

Reference: CVE-2001-1410

Visual distinction: Browser allows attackers to create chromeless windows and spoof victim's display using unprotected Javascript method.

Reference: CVE-2002-0197

Visual distinction: Chat client allows remote attackers to spoof encrypted, trusted messages with lines that begin with a special sequence, which makes the message appear legitimate.

Reference: CVE-2005-0831

Visual distinction: Product allows spoofing names of other users by registering with a username containing hex-encoded characters.

Reference: CVE-2003-1025

Visual truncation: Special character in URL causes web browser to truncate the user portion of the "user@domain" URL, hiding real domain in the address bar.

Reference: CVE-2005-0243

Visual truncation: Chat client does not display long filenames in file dialog boxes, allowing dangerous extensions via manipulations including (1) many spaces and (2) multiple file extensions.

Reference: CVE-2005-1575

Visual truncation: Web browser file download type can be hidden using whitespace.

Reference: CVE-2004-2530

Visual truncation: Chat client uses whitespace to hide a dangerous file extension.

Reference: CVE-2005-0590

Visual truncation: Dialog box in web browser allows user to spoof the hostname via a long "user:pass" sequence in the URL, which appears before the real hostname.

Reference: CVE-2004-1451

Visual truncation: Null character in URL prevents entire URL from being displayed in web browser.

Reference: CVE-2004-2258

Miscellaneous -- [step-based attack, GUI] -- Password-protected tab can be bypassed by switching to another tab, then back to original tab.

Reference: CVE-2005-1678

Miscellaneous -- Dangerous file extensions not displayed.

Reference: CVE-2002-0722

Miscellaneous -- Web browser allows remote attackers to misrepresent the source of a file in the File Download dialog box.

Modes of Introduction

Phase                      Note
Architecture and Design    -
Implementation             -

Applicable Platforms

Languages

Not Language-Specific (Undetermined)

Taxonomy Mappings

Mapped Taxonomy Name    Node ID    Mapped Node Name                                  Mapping Fit
PLOVER                  -          UI Misrepresentation of Critical Information      -

Key Information

CWE ID: CWE-451

Abstraction: Class

Structure: Simple

Status: Draft

Related Weaknesses

(none listed)

Related Attack Patterns

CAPEC-154, CAPEC-163, CAPEC-164, CAPEC-173, CAPEC-98