Closed
Bug 1524492
Opened 5 years ago
Closed 5 years ago
Firefox unencrypted communication for detect portal
Categories
(Firefox :: Security, enhancement)
Firefox
Security
Tracking
()
RESOLVED
DUPLICATE
of bug 1479168
People
(Reporter: adityachaudharyfb, Unassigned)
References
()
Details
(Whiteboard: [reporter-external] [client-bounty-form] [verif?])
Attachments
(1 file)
3.21 MB,
application/zip
|
Details |
I observed that the detect portal request of Firefox (http://detectportal.firefox.com/success.txt) is unencrypted. An attacker can abuse this vulnerability to perform MITM attack. An attacker can also trick all the victim's on the same network to a perform phishing attacks and extract user details, mining crypto currencies, download malware etc.
Flags: sec-bounty?
Reporter | ||
Updated•5 years ago
|
Summary: Firefox unencrypted detect portal request → Firefox unencrypted communication for detect portal
Comment 1•5 years ago
|
||
This is by design. See comments in bug 1479168 and bug 1521377.
Group: firefox-core-security
Status: UNCONFIRMED → RESOLVED
Closed: 5 years ago
Resolution: --- → DUPLICATE
Reporter | ||
Comment 2•5 years ago
|
||
Can I now publicly disclose this bug?
You need to log in
before you can comment on or make changes to this bug.
Description
•