Closed Bug 1268975 Opened 5 years ago Closed 5 years ago

Port Bug 1255570 to SeaMonkey - HTTP(S) URL spoof in location bar

Categories

(SeaMonkey :: Location Bar, defect)

defect
Not set
normal

Tracking

(firefox49 affected, seamonkey2.46+ affected)

RESOLVED FIXED
seamonkey2.46
Tracking Status
firefox49 --- affected
seamonkey2.46 + affected

People

(Reporter: philip.chee, Assigned: philip.chee)

References

Details

(Whiteboard: tracking-seamonkey2.45+ status-seamonkey2.45+)

Attachments

(1 file)

(from Bug 1255570 comment #0)
> Created attachment 8729168 [details]
> testcase.html
> 
> User Agent: Mozilla/5.0 (Windows NT 6.3) AppleWebKit/537.36 (KHTML, like
> Gecko) Chrome/49.0.2623.87 Safari/537.36
> 
> Steps to reproduce:
> 
> Combination of data URI, Unicode characters and frames. 
> Spoof is not perfect but good enough to easily fool your mom and dad. 
> At least it worked with mine :)
> 
> Follow link in testcase file for a simple demo.
> 
> 
> 
> Actual results:
> 
> Browser navigates to arbitrary website but URL bar shows
> https://secure.paypal.com/   
> 
> 
> Expected results:
> 
> At the very least misleading Unicode characters should be detected/escaped
> and/or a big warning should be displayed.
> 
> Note: I'm submitting a similar report to Chromium.
Attachment #8747270 - Flags: review?(iann_bugzilla)
See Also: → CVE-2016-5251
Comment on attachment 8747270 [details] [diff] [review]
Patch for SeaMonkey V1

[Triage Comment]
r=me a=me for whichever branches need it.
Attachment #8747270 - Flags: review?(iann_bugzilla)
Attachment #8747270 - Flags: review+
Attachment #8747270 - Flags: approval-comm-release+
Attachment #8747270 - Flags: approval-comm-beta+
Attachment #8747270 - Flags: approval-comm-aurora+
http://hg.mozilla.org/comm-central/rev/89f9c42ded4b
http://hg.mozilla.org/releases/comm-aurora/rev/9d626f302fb6
Status: ASSIGNED → RESOLVED
Closed: 5 years ago
Resolution: --- → FIXED
Whiteboard: tracking-seamonkey2.45+ status-seamonkey2.45+
Target Milestone: --- → seamonkey2.46
Group: core-security-release
You need to log in before you can comment on or make changes to this bug.