Closed
Bug 1355816
Opened 9 years ago
Closed 8 years ago
Homograph attack on Personal web page in https://support.mozilla.org
Categories
(support.mozilla.org - Lithium :: General, enhancement)
Tracking
(Not tracked)
RESOLVED
WONTFIX
People
(Reporter: testbr09, Assigned: djst)
Details
(Keywords: reporter-external, sec-low, Whiteboard: [reporter-external] [web-bounty-form])
Attachments
(1 file: 114.96 KB, image/png)
Hi team
I noticed that it is possible to perform homograph attacks in the 'Personal web page' field in https://support.mozilla.org
POC
1. Access https://support.mozilla.org > my settings > on personal web page insert http://ebаy.com/
POC image attached
Flags: sec-bounty?
Comment 2•9 years ago
Status: UNCONFIRMED → NEW
Component: Other → General
Ever confirmed: true
Keywords: sec-low
Product: Websites → support.mozilla.org
Updated•9 years ago
Assignee: nobody → djst
Status: NEW → ASSIGNED
Whiteboard: [reporter-external] [web-bounty-form] [verif?] → [reporter-external] [web-bounty-form]
Comment 3•8 years ago
djst, are we going to fix this bug? People can put in any link that they want here; do we want to protect against this?
Updated•8 years ago
Flags: needinfo?(djst)
Comment 4•8 years ago
The browser correctly shows the punycode in the hover text and when you visit the site. Homograph attacks are a browser problem rather than a site problem. In any case the bug bounty program excludes phishing type attacks.
Group: websites-security
Status: ASSIGNED → RESOLVED
Closed: 8 years ago
Flags: sec-bounty? → sec-bounty-
Resolution: --- → WONTFIX
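
The punycode fallback that comment 4 attributes to the browser can also be applied by a site when it renders a user-supplied link. The following is an added example, not code from this bug, Mozilla or Lithium: `label_scripts`, `inspect_profile_url` and the sample URLs are hypothetical and constructed, and using the first word of the Unicode character name as the script is a simplification of real IDN display policies.

```python
import unicodedata
from urllib.parse import urlsplit


def label_scripts(label):
    """Scripts used by the letters of one hostname label (digits and '-' are ignored)."""
    scripts = set()
    for ch in label:
        if ch.isalpha():
            # Assumption: the first word of the character name (LATIN, CYRILLIC,
            # GREEK, ...) stands in for the script property, which the standard
            # library does not expose directly.
            scripts.add(unicodedata.name(ch, "UNKNOWN").split()[0])
    return scripts


def inspect_profile_url(url):
    """Return the display form and homograph indicators for a user-supplied URL."""
    host = urlsplit(url).hostname or ""
    try:
        # IDNA-encode so non-ASCII labels become their xn-- (punycode) form.
        ascii_host = host.encode("idna").decode("ascii")
    except UnicodeError:
        ascii_host = None  # not a valid IDN; treated as suspicious below
    # A label that mixes scripts (e.g. Latin + Cyrillic) is the homograph signal.
    mixed = [lbl for lbl in host.split(".") if len(label_scripts(lbl)) > 1]
    return {
        "host": host,
        "ascii_host": ascii_host,
        "is_idn": ascii_host != host,
        "mixed_script_labels": mixed,
        # Show punycode for mixed-script hosts, the Unicode form otherwise.
        "display_host": ascii_host if (mixed and ascii_host) else host,
    }


if __name__ == "__main__":
    # Constructed samples: Latin "eb" + Cyrillic U+0430 + Latin "y", plain ASCII,
    # and a single-script Cyrillic label.
    for sample in ("http://eb\u0430y.com/", "http://ebay.com/",
                   "http://\u043f\u0440\u0438\u043c\u0435\u0440.com/"):
        print(inspect_profile_url(sample))
```

A single-script internationalized name keeps its Unicode form here; only the mixed-script label is forced to its `xn--` form.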
Updated•8 years ago
Product: support.mozilla.org → support.mozilla.org - Lithium
Updated•8 years ago
Flags: needinfo?(djst)
Updated•1 year ago
Keywords: reporter-external