Closed
Bug 1416092
Opened 7 years ago
Closed 6 years ago
Firefox 302 Redirect URL Spoofing Vulner
Categories
(Firefox :: Untriaged, defect)
Tracking
()
RESOLVED
DUPLICATE
of bug 1331351
People
(Reporter: evi1m0.bat, Unassigned)
Details
(Whiteboard: DUPEME)
Attachments
(1 file)
258 bytes, text/html
User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.40 Safari/537.36

Steps to reproduce:
1. Open PoC URL: http://server.n0tr00t.com/firefox/urlspoofing.html
2. Click URL
3. Address bar points "google.com". But in fact, it is not "google.com".

Actual results:
URL Spoofing Vuln

Expected results:
Firefox should display URL correctly.
Reporter
Updated•7 years ago
Summary: Firefox 56.0.2 URL Spoofing Vulner → Firefox 302 Redirect URL Spoofing Vulner
Comment 1•7 years ago
Seems fixed in nightly, and we've seen the data:<domain>.....stuff trick before so I'm sure this is a dupe.
Flags: needinfo?(dveditz)
Whiteboard: DUPEME
Reporter
Comment 2•7 years ago
(In reply to Daniel Veditz [:dveditz] from comment #1)
> Seems fixed in nightly, and we've seen the data:<domain>.....stuff trick
> before so I'm sure this is a dupe.

I see historical posts that use blank characters to complete data spoofing, and then judge it as a vuln and give it a fix. I think he should be the right bypass.
Updated•6 years ago
Group: firefox-core-security
Status: UNCONFIRMED → RESOLVED
Closed: 6 years ago
Flags: needinfo?(dveditz)
Resolution: --- → DUPLICATE