Closed Bug 1463339 Opened 8 years ago Closed 8 years ago

Categories

(Websites :: Other, defect)

defect
Not set
normal

Tracking

(Not tracked)

RESOLVED DUPLICATE of bug 1431925

People

(Reporter: zhuonan.lzn, Unassigned)

Details

(Keywords: reporter-external, sec-low, Whiteboard: [reporter-external] [web-bounty-form] [verif?])

Hi firefox team,

The application performed a DNS lookup of the specified domain.

Original Request:

GET /success.txt HTTP/1.1
Host: detectportal.firefox.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:60.0) Gecko/20100101 Firefox/60.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Pragma: no-cache
Connection: close

----------------------------

Modify host to arbitrary domain:

GET /success.txt HTTP/1.1
Host: request.from.firefox.dns.a0zy.com
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.13; rv:60.0) Gecko/20100101 Firefox/60.0
Accept: */*
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Cache-Control: no-cache
Pragma: no-cache
Connection: close

----------------

DNS Request Received:

Time: Tue May 22 14:42:10 2018
IP: 104.80.89.22
Request: request.from.firefox.dns.a0zy.com

------------------End ----------------------
Flags: sec-bounty?
Hi a0zy, thanks for the report. This was reported earlier in bug 1431925. We have investigated a little bit and decided it does not have any immediate security implications. Please feel free to prove us wrong though with a viable attack scenario.
Keywords: sec-low
See Also: → 1431925
Status: UNCONFIRMED → RESOLVED
Closed: 8 years ago
Resolution: --- → DUPLICATE
Flags: sec-bounty? → sec-bounty-
Group: websites-security