Closed Bug 1808119 Opened 2 years ago Closed 2 years ago

Firefox Browser Spoofing URL to Download File

Categories

(Toolkit :: Downloads API, defect)

RESOLVED DUPLICATE of bug 741050

People

(Reporter: alisyarief.404, Unassigned)

Details

(Keywords: reporter-external, Whiteboard: [reporter-external] [client-bounty-form] [verif?])

Attachments

(2 files)

Attached file Spoofing.html

This code, when clicked, will open a new tab to the website "https://gmail.com" and will also trigger a download of the file located at "http://URL/Data_From_Gmail.pdf".

Repro Steps
macOS Mojave : 10.14.6 (18G9323)
Firefox Version : 108.0.1 (64-bit)

Impact:
The victim will believe the file download is from Gmail.

Remediation:
Show the download source's URL origin in the prompt.

This vulnerability is like issue CVE-2021-21133, but this is a new method and execution.
After research, this script does not execute in modern Android browsers.

Flags: sec-bounty?
Attached video Spoof_Firefox.mp4

Video Proof of Concept

Component: Security → Downloads API
Product: Firefox → Toolkit
Group: firefox-core-security
Status: UNCONFIRMED → RESOLVED
Closed: 2 years ago
Duplicate of bug: 741050
Resolution: --- → DUPLICATE
Flags: sec-bounty? → sec-bounty-