Closed
Bug 1073886
Opened 10 years ago
Closed 7 years ago
replace about:socialerror? url param with a service type (reduces risk)
Categories
(Firefox Graveyard :: SocialAPI, defect)
Firefox Graveyard
SocialAPI
Tracking
(Not tracked)
RESOLVED
DUPLICATE
of bug 1182786
People
(Reporter: dveditz, Unassigned)
References
Details
(Keywords: sec-want)
The about:socialerror URL takes a series of parameters that define how the dialog works, and one of those is url= of which URL to load on the Try Again button. Many of the other values on the page are looked up from the origin passed in, and it would be safer to look up the URL from the registered origin as well. (I think you'd have to pass in a service type like sidebar vs share instead)
Currently about:socialerror is not loadable by web content. In theory that prevents any problems here but we've had bugs in the past that allowed pages to bypass that restriction in various ways. A second line of defense for this would be nice.
STR
1) go to http://activations.cdn.mozilla.net/ and install one of the services there. (optional, but makes spoofing better)
2) in the url bar enter the following:
about:socialerror?mode=tryAgainOnly&origin=http://activations.cdn.mozilla.net&url=data:text/html,<h1>Twitter</h1>I'm%20an%20evil%20twitter%20phishing%20site
3) Click [Try Again]. in panels there's no URL bar to give the game away. Of course you could use a remote URL with a phishy domain as well.
Updated•7 years ago
|
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → DUPLICATE
Updated•6 years ago
|
Product: Firefox → Firefox Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•