Closed
Bug 1268975
Opened 8 years ago
Closed 8 years ago
Port Bug 1255570 to SeaMonkey - HTTP(S) URL spoof in location bar
Categories
(SeaMonkey :: Location Bar, defect)
Tracking
(firefox49 affected, seamonkey2.46+ affected)
RESOLVED
FIXED
seamonkey2.46
People
(Reporter: philip.chee, Assigned: philip.chee)
References
Details
(Whiteboard: tracking-seamonkey2.45+ status-seamonkey2.45+)
Attachments
(1 file)
16.11 KB, patch | iannbugzilla: review+, approval-comm-aurora+, approval-comm-beta+, approval-comm-release+
(from Bug 1255570 comment #0)
> Created attachment 8729168 [details]
> testcase.html
>
> User Agent: Mozilla/5.0 (Windows NT 6.3) AppleWebKit/537.36 (KHTML, like
> Gecko) Chrome/49.0.2623.87 Safari/537.36
>
> Steps to reproduce:
>
> Combination of data URI, Unicode characters and frames.
> Spoof is not perfect but good enough to easily fool your mom and dad.
> At least it worked with mine :)
>
> Follow link in testcase file for a simple demo.
>
>
>
> Actual results:
>
> Browser navigates to arbitrary website but URL bar shows
> https://secure.paypal.com/
>
>
> Expected results:
>
> At the very least misleading Unicode characters should be detected/escaped
> and/or a big warning should be displayed.
>
> Note: I'm submitting a similar report to Chromium.
Assignee
Comment 1•8 years ago
Attachment #8747270 - Flags: review?(iann_bugzilla)
Assignee
Updated•8 years ago
See Also: → CVE-2016-5251
Assignee
Updated•8 years ago
status-seamonkey2.46: --- → affected
tracking-seamonkey2.46: --- → +
Comment on attachment 8747270 [details] [diff] [review]
Patch for SeaMonkey V1

[Triage Comment]
r=me a=me for whichever branches need it.
Attachment #8747270 - Flags: review?(iann_bugzilla)
Attachment #8747270 - Flags: review+
Attachment #8747270 - Flags: approval-comm-release+
Attachment #8747270 - Flags: approval-comm-beta+
Attachment #8747270 - Flags: approval-comm-aurora+
Assignee
Comment 3•8 years ago
http://hg.mozilla.org/comm-central/rev/89f9c42ded4b
http://hg.mozilla.org/releases/comm-aurora/rev/9d626f302fb6
Status: ASSIGNED → RESOLVED
Closed: 8 years ago
Resolution: --- → FIXED
Whiteboard: tracking-seamonkey2.45+ status-seamonkey2.45+
Target Milestone: --- → seamonkey2.46
Updated•4 years ago
Group: core-security-release