Closed
Bug 1422678
Opened 7 years ago
Closed 7 years ago
Email Spoofed
Categories
(Security Assurance :: General, task)
Security Assurance
General
Tracking
(Not tracked)
RESOLVED
DUPLICATE
of bug 1285023
People
(Reporter: praveensmail03, Assigned: April)
Details
(Keywords: reporter-external)
Attachments
(2 files)
Mozilla.png
User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/62.0.3202.94 Safari/537.36
Steps to reproduce:
Mozilla@e.mozilla.org mail id is Spoofed
Steps to reproduce:
1) Go to http://emkei.cz/
2) Fill "From Email" field to Mozilla@e.mozilla.org and accounts@firefox.com
3) Fill the victim's address (your address) to "TO" field and fill in other details as you wish.
Actual results:
You got mail from Mozilla@e.mozilla.org and accounts@firefox.com
Expected results:
accounts@firefox.com used for email confirmation and password reset so if any attacked used there own suspicious link with that email id to user to take down the account
|
Reporter | |
Comment 1•7 years ago
|
||
You have to enter one mail id for one time
|
||
Updated•7 years ago
|
Group: firefox-core-security → mozilla-employee-confidential
Component: Untriaged → General
Product: Firefox → Enterprise Information Security
|
||
Updated•7 years ago
|
Assignee: nobody → april
Status: UNCONFIRMED → ASSIGNED
Ever confirmed: true
|
||
Updated•7 years ago
|
Status: ASSIGNED → RESOLVED
Closed: 7 years ago
Resolution: --- → DUPLICATE
|
|
Reporter | |
Updated•7 years ago
|
Flags: sec-bounty?
|
|
Reporter | |
Comment 4•7 years ago
|
||
|
|
||
Updated•7 years ago
|
Flags: sec-bounty? → sec-bounty-
|
|
||
Updated•4 years ago
|
Group: mozilla-employee-confidential
|
||
Updated•9 months ago
|
Keywords: reporter-external
You need to log in
before you can comment on or make changes to this bug.
Description
•