Closed
Bug 1371812
Opened 7 years ago
Closed 7 years ago
URL spoofing
Categories
(Firefox :: Address Bar, defect)
Tracking
()
RESOLVED
DUPLICATE
of bug 1370497
People
(Reporter: rayyanh12, Unassigned)
Details
Attachments
(1 file)
6.98 KB,
image/png
|
Details |
User Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:53.0) Gecko/20100101 Firefox/53.0 Build ID: 20170518000419 Firefox for Android Steps to reproduce: http://xn--gmail-bgd.com/ (does not show in punnycode) What went wrong? More info: (latin small letter i with dot above) <U+0069, U+0307> Actual results: By adding "i̇" we can actually spoof the URL More info: (latin small letter i with dot above) <U+0069, U+0307>
I kind of distorted the format - Ignore the *What went wront?* part.
Updated•7 years ago
|
Component: Untriaged → Location Bar
Comment 2•7 years ago
|
||
This is being discussed in bug 1370497 and it doesn't seem that having 2 bugs open is really useful - the general category of these combining marks is at issue, not individual characters.
Status: UNCONFIRMED → RESOLVED
Closed: 7 years ago
Resolution: --- → DUPLICATE
Updated•4 years ago
|
Group: firefox-core-security
You need to log in
before you can comment on or make changes to this bug.
Description
•