truncate URL bar from the front, preserve the important parts of the domain
Categories
(Fenix :: Toolbar, defect, P2)
Tracking
(Not tracked)
People
(Reporter: kirtikumar.a.r, Unassigned)
References
(Depends on 1 open bug, )
Details
(Keywords: csectype-spoof, sec-moderate, Whiteboard: [reporter-external] [client-bounty-form] [verif?])
Assigned to:- Firefox
Assigned by:- Kirtikumar Anandrao Ramchandani
Assigned on:- 11/10/2020
Vulnerability Name:- Hostname not elided securely (URL Spoofing on Android browser).
Vulnerability Details:- The browser shown the first past instead of the hostname.
Platform:- Android
Application Version:-
- Firefox Browser 81.1.4
- Firefox Lite 2.5.2
- Firefox Browser Beta 82.0.0-beta.4
- Firefox Focus 8.8.1
- Firefox Nightly 201010 17:10
Device:- Xiaomi Redmi Note 5 Pro (Android 9) (Build/PKQ1.180904.001)
Video Proof of concept:- https://drive.google.com/file/d/1QOSJyQWM6DIVFgPXHHn1Nd9ynJ6WoMjz/view?usp=sharing
Original PoC uploaded on:- https://kirtikumarar.com/Firefox_PoC.html
The result observed:- http://wwww.manage-myaccount.paypal.com....
Result Expected:- http://....bntk.pl
Steps to reproduce:-
- Load the Website or the attached testcase.
- Click on "Click here to go to Google.com"
- Go back to the parent tab and observe the URL in the address bar.
|
||
Updated•4 years ago
|
|
||
Comment 1•4 years ago
|
||
I don't see what the popup does here. It does not seem particularly important to this. This seems like a variant of https://github.com/mozilla-mobile/fenix/issues/6762 and that the parts of the domain that Firefox chooses to display could be improved.
|
||
Comment 2•4 years ago
|
||
This is a regression from Fennec - I'm pretty sure there much be a dupe (in addition to Chris's github issue)
|
||
Comment 3•3 years ago
•
|
||
Petru, Can you investigate this one, and check if the github issue mentioned by kevin is related to this. Thanks!
|
|
||
Comment 4•3 years ago
|
||
The ideal solution here is for GV to fix bug 1685152 and then port the Fennec or Desktop URL parsing code to Fenix/AC.
|
||
Comment 5•3 years ago
|
||
Seems like the issue Kevin posted would indeed resolve this and was something that Sebastian & Kate wanted to tackle.
If they don't have cyles to work on this now I'll look into it.
Keeping a NI here to know to follow this.
|
|
||
Comment 6•3 years ago
|
||
Agi's newly opened ticket would probably help with this.
Thank you Kevin!
Adding him to this ticket also.
|
|
||
Updated•3 years ago
|
|
Reporter | |
Comment 7•3 years ago
|
||
Happy new year!
Opera has fixed the same issue in Opera Mini (Android). Here: https://twitter.com/Kirtikumar_A_R/status/1348569263548755971
|
|
||
Comment 8•3 years ago
|
||
Unfortunately this issue was already known to us (see the linked github issue) and is not eligible for a bug bounty.
|
|
Reporter | |
Comment 9•3 years ago
|
||
This issue will atleast receive CVE, yes? Issue where it shows LTR instead of RTL. Thanks!
|
|
||
Comment 10•3 years ago
|
||
I don't know how advisories and CVEs are handled for Firefox Lite.
|
|
Reporter | |
Comment 11•3 years ago
|
||
Can you add somebody in the CC who can assign a CVE?
|
|
||
Comment 12•2 years ago
|
||
Removing my NI while we wait for https://bugzilla.mozilla.org/show_bug.cgi?id=1685152
|
||
Comment 13•2 years ago
|
||
GV would expose Gecko's URI API (bug 1685152) to Fenix frontend.
|
|
||
Updated•2 years ago
|
|
|
||
Updated•2 years ago
|
|
|
||
Updated•1 year ago
|
| Comment hidden (off-topic) |
|
|
||
Updated•1 year ago
|
|
|
||
Updated•1 year ago
|
|
|
||
Comment 20•5 months ago
|
||
See also RTL bug 1427647
|
|
||
Updated•2 months ago
|
Description
•