Closed Bug 317744 Opened 19 years ago Closed 19 years ago

What appears to be a buffer overflow in location bar. Could potentially be used for phishing scams.

Categories

(Firefox :: Address Bar, defect)

x86
Windows XP
defect
Not set
critical

Tracking

()

RESOLVED DUPLICATE of bug 317746

People

(Reporter: dk323, Unassigned)

References

()

Details

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.12) Gecko/20050915 Firefox/1.0.7
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.12) Gecko/20050915 Firefox/1.0.7

If you type in a large number of characters where the URL should be, the characters in the url disappear or become garbled (unreadably so).  The exact number of characters necessary to cause this glitch varies depending on which computer I try it on, but it is always a power of 2, which is what leads me to believe that it is a buffer overflow and not a disply problem.  Sites could store pages under extremely long URLs to obscure the URL and make it unverifiable, allowing them to steal passwords and bank account numbers from unwary users.

Reproducible: Always

Steps to Reproduce:
1. Copy a large string (>1000 characters) onto the clipboard.
2. Paste the string into the address bar repeatedly until the error occurs.
Actual Results:  
The URL disappears or becomes garbled.

Expected Results:  
Properly displayed the URL or displayed an error message and not attempted to load the page.

Tested on three different computers.

*** This bug has been marked as a duplicate of 317746 ***
Status: UNCONFIRMED → RESOLVED
Closed: 19 years ago
Resolution: --- → DUPLICATE
Group: security
You need to log in before you can comment on or make changes to this bug.