Closed
Bug 1629438
Opened 6 years ago
Closed 6 years ago
Address Bar Spoofing
Categories
(Firefox :: Security, task)
Firefox
Security
Tracking
()
RESOLVED
DUPLICATE
of bug 1623888
People
(Reporter: hariharansivakumar22, Unassigned)
Details
(Keywords: reporter-external, Whiteboard: [reporter-external] [client-bounty-form] [verif?])
Attachments
(1 file)
|
22.53 KB,
image/jpeg
|
Details |
POC.JPG
Hi,
There exists a Address bar spoofing vulnerability on Firefox Browser 75.0 ( Windows 10 64Bit )
Proof:
http://2.87.76.523/%EF%B9%B0/https://google.com/test
Characters from languages are such as Persian, Arabic are displayed in right to left order, usage prescribed is Unicode Bidirectional Algorithm. Unicode characters such as U+08FF, U+FB50, etc are rendered from right to left so it can be used to spoof the URL as the user will see from left to right
Hope you take a look
Thanks
Flags: sec-bounty?
|
||
Comment 1•6 years ago
|
||
We're already tracking this.
Status: UNCONFIRMED → RESOLVED
Closed: 6 years ago
Resolution: --- → DUPLICATE
|
||
Comment 2•5 years ago
|
||
No bounty, as this was previously reported and outside the overlap window.
Flags: sec-bounty? → sec-bounty-
|
||
Updated•2 years ago
|
Group: firefox-core-security
|
||
Updated•1 year ago
|
Keywords: reporter-external
You need to log in
before you can comment on or make changes to this bug.
Description
•