1368792 - Firefox Search Bar Vulnerability

Status: RESOLVED INVALID

(Firefox :: Search, defect)

Description

[athuljayaram]

Attachment: POC

User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0
Build ID: 20170307221322

Steps to reproduce:

Entered a text in firefox default search bar in

User Input

 <ip-address|digits of n length>/<any arabic string or arabic+chinese string of n length>/<any EN string or domain name>

eg:

43.22.11.33/تمامی مطالب مربوط به روتر های/mozilla.org

54.43.112.124/ مطالب مربوط به روتر های  你好，你好吗/mozilla.org




Actual results:

Firefox passed the  input as  the below string to Google search

mozilla.org/تمامی مطالب مربوط به روتر های/43.22.11.33

你好，你好吗/54.43.112.124/ مطالب مربوط به روتر های/mozilla.org



Expected results:


43.22.11.33/تمامی مطالب مربوط به روتر های/mozilla.org

54.43.112.124/ مطالب مربوط به روتر های 你好，你好吗/dmozilla.org

Comment 1

[athuljayaram]

Checked on version Firefox version 53

The issue is still there in the search bar

Comment 2

[:Gijs (he/him)]

This isn't a security issue that needs to stay hidden.

It's also not a Firefox bug. As you can see in the location bar, we passed the string exactly as typed. The problem is that Google determines that your input contained RTL characters, and it sets the direction of the textbox and its containing elements to dir=rtl, which causes the display of the string to swap around, with the LTR blocks in the string (ie the numbers and ascii domain) to display LTR individually, but to be in reverse order generally.

As a result, resolving as invalid.

Comment 3

[athuljayaram]

Hi Gijs, 
  Thanks for the reply. I understood the bug is at Google's side. I have informed their security team 12 hours back and I forgot to mark this as invalid

Thanks a lot for your time sir.