Closed Bug 1403812 Opened 7 years ago Closed 6 years ago

Address bar spoofing with RTL hostname

Categories

(Firefox :: Address Bar, defect)

57 Branch
Unspecified
macOS
defect
Not set
normal


RESOLVED DUPLICATE of bug 1395508
Tracking Status
firefox-esr52 --- fixed
firefox56 --- wontfix
firefox57 --- wontfix
firefox58 --- fixed

People

(Reporter: chromium.khalil, Unassigned)

Details

(Keywords: csectype-spoof, sec-low)

Attachments

(1 file)

This does not spoof if the pref browser.urlbar.trimURLs is set to false. The LTR scheme seems to anchor the display to the right place. I can, however, reproduce the spoof with the default setting of true. The RTL domain is off to the left of the displayed portion, and the spoofy path is what users will see.

The above means you could not spoof a secure domain because we would always show the "https://" part.
Status: UNCONFIRMED → NEW
Ever confirmed: true
Isn't this a dupe of bug 1395854?
(In reply to :Gijs from comment #2)
> Isn't this a dupe of bug 1395854?

Hm, maybe I meant bug 1395508. They're certainly all related. :-\
I can't reproduce the original STR anymore due to remote changes, but I'm assuming bug 1395508 improved the situation here, since we try to keep the host visible.
Status: NEW → RESOLVED
Closed: 6 years ago
Resolution: --- → DUPLICATE
Group: firefox-core-security
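The condition described in the first comment (scheme trimmed, RTL hostname, path left visible) can be written as a check over URLs. This is an added example, not code from the bug or from Firefox. The function names, the sample URLs and the model that trimming hides only a plain `http://` prefix are assumptions made for illustration.

```python
import unicodedata
from urllib.parse import urlsplit

RTL_CLASSES = {"R", "AL"}  # strong right-to-left bidi classes (Hebrew, Arabic)

def decode_label(label):
    """Return a host label in Unicode form, decoding punycode (xn--) labels."""
    if label.lower().startswith("xn--"):
        try:
            return label[4:].encode("ascii").decode("punycode")
        except ValueError:
            return label  # malformed punycode: leave the label as typed
    return label

def host_has_rtl(host):
    """True if any character of any label has a strong RTL bidi class."""
    return any(unicodedata.bidirectional(ch) in RTL_CLASSES
               for label in host.split(".")
               for ch in decode_label(label))

def scheme_shown(url, trim_urls=True):
    """Assumed model of the comment: trimming hides only a plain http:// prefix."""
    return not (trim_urls and urlsplit(url).scheme == "http")

def needs_review(url, trim_urls=True):
    """Flag URLs matching the reported condition: no LTR scheme anchor,
    an RTL host, and a path left to fill the visible part of the bar."""
    parts = urlsplit(url)
    return (not scheme_shown(url, trim_urls)
            and host_has_rtl(parts.hostname or "")
            and parts.path not in ("", "/"))

# Constructed sample input; the Arabic label is written as escapes.
RTL_LABEL = "\u0645\u062b\u0627\u0644"
SAMPLES = [
    "http://" + RTL_LABEL + ".example/www.bank.example/login",
    "https://" + RTL_LABEL + ".example/www.bank.example/login",
    "http://www.bank.example/login",
]

if __name__ == "__main__":
    for url in SAMPLES:
        print(needs_review(url), ascii(url))
```

Only the first sample is flagged; passing `trim_urls=False` clears it, matching the observation that the LTR scheme anchors the display.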