Closed
Bug 1310406
Opened 8 years ago
Closed 8 years ago
Status Bar Obfuscation
Categories
(Firefox :: Untriaged, defect)
Tracking
()
RESOLVED
DUPLICATE
of bug 1310432
People
(Reporter: sweetshanuu, Unassigned)
Details
Attachments
(1 file)
4.58 MB,
video/mp4
|
Details |
STEPS TO REPRODUCE:- 1.Save the below script as html file (test.html i saved here) <h1> <a href="http://google.com" onclick="javascript:OB();">https://google.com</a> </h1> <script> function OB() { document.write(''); window.close(); window.open('http://evil.com'); } </script> 2.Open the HTML file in Firefox browser 3.You will see a hyperlink of google.com, So hover your mouse. 4.See the Status Bar(located at the lower left of the browser) and you will see the link where it should be redirected 5.Now, click the hyperlink and you will be redirected to another website which is not the expected website. ACTUAL RESULT:- On mouse over to hyperlink it shows the url is https://google.com, On click that it redirects to http://evil.com/ EXPECTED RESULT:- The status bar url should show the correct url that is going to redirect. Video POC is attached below
Updated•8 years ago
|
Group: firefox-core-security
Status: UNCONFIRMED → RESOLVED
Closed: 8 years ago
Resolution: --- → DUPLICATE
You need to log in
before you can comment on or make changes to this bug.
Description
•