Closed Bug 1265379 Opened 4 years ago Closed 4 years ago
URLBar spoofing via json
User Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/49.0.2623.112 Safari/537.36

Steps to reproduce:
Open a new tab in Firefox and paste this link in the URL bar: http://atacker.com/test","url":"mozilla.org
The issue is caused because the URL is not properly filtered when included in the JSON responsible for the suggestions.

Actual results:
You will see "Visit mozilla.org"; if you click mozilla.org, you will go to attacker.com.

Expected results:
This can be used to trick users into phishing attacks.
Status: UNCONFIRMED → RESOLVED
Closed: 4 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 1233672
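
The class of bug the report describes, as an added example that is not Firefox's code and not part of the original report: a typed URL spliced into a JSON string by concatenation, next to the serializer-based form and a consumer-side round-trip check. The record layout, field names and function names are hypothetical; the input string is the one from the steps to reproduce.

```javascript
// Added illustration; record layout and names are hypothetical, not Firefox's code.

// Input taken from the report's steps to reproduce.
const TYPED = 'http://atacker.com/test","url":"mozilla.org';

// Weak: splices the raw string between quotes, so a '"' in the input
// ends the string value and the remainder is parsed as JSON structure.
function buildSuggestionUnsafe(typed) {
  return '{"type":"visit","url":"' + typed + '"}';
}

// Hardened: the serializer escapes quotes, backslashes and control characters,
// so the whole input stays inside one string value.
function buildSuggestionSafe(typed) {
  return JSON.stringify({ type: "visit", url: typed });
}

// Consumer-side check: the decoded record must contain only the expected keys
// and its url must be exactly the string the user typed.
function decodeSuggestion(json, typed) {
  let record;
  try {
    record = JSON.parse(json);
  } catch (e) {
    return { ok: false, reason: "malformed JSON" };
  }
  const keys = Object.keys(record).sort().join(",");
  if (keys !== "type,url") {
    return { ok: false, reason: "unexpected keys" };
  }
  if (record.url !== typed) {
    // With duplicate keys JSON.parse keeps the last one, so the injected
    // "url" replaces the real one without any parse error.
    return { ok: false, reason: "url does not match input", url: record.url };
  }
  return { ok: true, url: record.url };
}

console.log(decodeSuggestion(buildSuggestionUnsafe(TYPED), TYPED));
console.log(decodeSuggestion(buildSuggestionSafe(TYPED), TYPED));
```
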