Closed Bug 1073886 Opened 9 years ago Closed 6 years ago
replace about:socialerror? url param with a service type (reduces risk)
The about:socialerror URL takes a series of parameters that define how the dialog works, and one of those is url=, the URL to load on the Try Again button. Many of the other values on the page are looked up from the origin passed in, and it would be safer to look up the URL from the registered origin as well. (I think you'd have to pass in a service type like sidebar vs share instead.)

Currently about:socialerror is not loadable by web content. In theory that prevents any problems here, but we've had bugs in the past that allowed pages to bypass that restriction in various ways. A second line of defense for this would be nice.

STR
1) Go to http://activations.cdn.mozilla.net/ and install one of the services there. (Optional, but makes spoofing better.)
2) In the URL bar enter the following:
   about:socialerror?mode=tryAgainOnly&origin=http://activations.cdn.mozilla.net&url=data:text/html,<h1>Twitter</h1>I'm%20an%20evil%20twitter%20phishing%20site
3) Click [Try Again].

In panels there's no URL bar to give the game away. Of course you could use a remote URL with a phishy domain as well.
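The mitigation the report suggests, shown as an added example rather than Firefox's own code: the error page stops honouring a caller-supplied url= parameter and instead resolves the Try Again target from the registered provider's manifest, keyed by origin= and a service type (sidebar or share). The provider registry, the manifest field names (sidebarURL, shareURL) and the function names are constructed for this example and are not the real Social API.

```javascript
// Constructed registry of "installed" social providers, keyed by normalized origin.
// In the real browser these values would come from the provider manifests; here
// they are made up for the example.
const REGISTERED_PROVIDERS = new Map([
  ["https://social.example", {
    name: "Example Social",
    sidebarURL: "https://social.example/sidebar",
    shareURL: "https://social.example/share",
  }],
]);

// Allowed service types and the manifest field each one maps to. A Map (not a
// plain object) so that a type like "constructor" cannot hit Object.prototype.
const SERVICE_TYPES = new Map([
  ["sidebar", "sidebarURL"],
  ["share", "shareURL"],
]);

// Before: whatever url= says is what the Try Again button loads. A caller who can
// reach the page with chosen parameters therefore chooses the destination.
function resolveTryAgainUrlUnsafe(query) {
  const params = new URLSearchParams(query);
  return params.get("url");
}

// After: url= is rejected outright; only origin= and type= are read, and the
// destination is looked up from the registry for that origin.
function resolveTryAgainUrl(query) {
  const params = new URLSearchParams(query);
  if (params.has("url")) {
    throw new Error("url= parameter is not accepted");
  }

  // Normalize the origin (drops trailing slashes, paths, case differences) so the
  // registry lookup cannot be bypassed by a cosmetically different spelling.
  let origin;
  try {
    origin = new URL(params.get("origin")).origin;
  } catch (e) {
    throw new Error("origin= is not a valid URL");
  }

  const provider = REGISTERED_PROVIDERS.get(origin);
  if (!provider) {
    throw new Error("unknown provider origin");
  }

  const field = SERVICE_TYPES.get(params.get("type"));
  if (!field) {
    throw new Error("unknown service type");
  }

  // Belt and braces: the manifest URL must itself live on the registered origin,
  // so a bad manifest entry cannot turn the page into an open redirector.
  const target = provider[field];
  if (new URL(target).origin !== origin) {
    throw new Error("manifest URL does not match provider origin");
  }
  return target;
}

// Stand-alone demonstration.
console.log(resolveTryAgainUrl("mode=tryAgainOnly&origin=https://social.example&type=share"));
```

With this shape the only inputs a caller controls are an origin that must already be installed and a type drawn from a fixed set, so even if the restriction that keeps web content away from about:socialerror is bypassed again, the page can only ever navigate to a URL the installed provider declared.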
Status: NEW → RESOLVED
Closed: 6 years ago
Resolution: --- → DUPLICATE