Closed Bug 1343178 Opened 7 years ago Closed 7 years ago

URL decode problem -- redirect to wrong domain (probably open redirect)

Categories

(Firefox :: Untriaged, defect)

51 Branch
defect
Not set
normal

RESOLVED DUPLICATE of bug 1339497

People

(Reporter: stoshins, Unassigned)

Details

User Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:51.0) Gecko/20100101 Firefox/51.0
Build ID: 20170125094131

Steps to reproduce:

Hi, I was playing with URL encoding on a site and found weird behaviour in Firefox. 
If you open the https://mda2.rosevrobank.ru/bankapp%2Fcache%2Frouting link in the address bar (it worked only with URLs pasted into the address bar, not with links on other sites), you're automatically redirected (not by the site, by the browser) to http://mda2mda2.rosevrobank.ru/bankapp/cache/routing

If you try to load https://mda2.rosevrobank.ru/bankapp%2Fcache/routing (last %2F replaced with /), it redirects to https://mdmda2.rosevrobank.ru/bankapp/cache/routing


Actual results:

Redirect to the wrong domain. In my test cases it was possible to redirect to a wrong subdomain, but I'm actually not familiar with the Firefox engine and don't know the root cause; maybe it can be used to redirect to a wrong site (it reminds me of the same problem in the last IEs found by Sergey Bobrov).


Expected results:

I believe the browser should not decode anything, but it does (and in the wrong way).

This has been previously reported, was already assessed not to be a security risk, and is already fixed in Nightly (54). The fix may end up (also) being included in 52 (the next release) but that's already in RC so it might miss that release.
Group: firefox-core-security
Status: UNCONFIRMED → RESOLVED
Closed: 7 years ago
Resolution: --- → DUPLICATE