Closed Bug 1524492 Opened 5 years ago Closed 5 years ago

Firefox unencrypted communication for detect portal

Categories

(Firefox :: Security, enhancement)

Product:
Firefox
Component:
Security
Type:
enhancement
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED DUPLICATE of bug 1479168

People

(Reporter: adityachaudharyfb, Unassigned)

References

(
URL
)

Details

(Whiteboard: [reporter-external] [client-bounty-form] [verif?])

Attachments

(1 file)

firefox_detect_portal_mitm_poc.zip
3.21 MB, application/zip
Details

I observed that the detect portal request of Firefox (http://detectportal.firefox.com/success.txt) is unencrypted. An attacker can abuse this vulnerability to perform MITM attack. An attacker can also trick all the victim's on the same network to a perform phishing attacks and extract user details, mining crypto currencies, download malware etc.

Flags: sec-bounty?
Summary: Firefox unencrypted detect portal request → Firefox unencrypted communication for detect portal

This is by design. See comments in bug 1479168 and bug 1521377.

Group: firefox-core-security
Status: UNCONFIRMED → RESOLVED
Closed: 5 years ago
Resolution: --- → DUPLICATE

Can I now publicly disclose this bug?

yes, this is known behavior.

Flags: sec-bounty? → sec-bounty-
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: