Potential origin spoofing because address bar truncates "facebook.com.evil.com" to "facebook.com..." instead of "...evil.com"
Categories: Fenix :: Toolbar, defect
Tracking: Not tracked
People: boek (reporter), Unassigned
Details
From github: https://github.com/mozilla-mobile/fenix/issues/6762.
Steps to reproduce
- Open http://facebook.com.facebook.com.evil.com/
- Look at the portion of the URL visible in the address bar.
I originally filed this bug against desktop Firefox. On desktop, Firefox, Chrome, Edge, and Safari all do the wrong thing (show "facebook.com"):
https://bugzilla.mozilla.org/show_bug.cgi?id=1598175
Expected behavior
The URL standard says: "When the full host cannot be rendered, browsers should elide domain labels starting from the lowest-level domain label. For example, examplecorp.com.evil.com should be elided as ...com.evil.com, not examplecorp.com..."
Fennec and Chrome on Android do the right thing: they show "...ook.com.facebook.com.evil.com" and "facebook.com.evil.com", respectively.
Actual behavior
Fenix shows "http://facebook.com.facebook..." without showing "evil.com".
Device information
- Android device: Moto G5
- Fenix version: 2.3.0
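The two rendering policies contrasted in the report, as an added example that is not Fenix, Fennec or Chrome code: `truncateRight` is the naive "keep the leftmost characters" rendering the bug describes, and `elideHost` applies the URL standard's advice, dropping whole labels from the lowest level (left) first so the registrable domain on the right stays visible, falling back to character-level elision from the left (the Fennec-style "...ook.com.evil.com" output) when even the last label does not fit. The width limits and the `showsRegistrableDomain` check are assumptions chosen for illustration; a real address bar measures pixels, not characters.

```javascript
// Added example, not browser code. Demonstrates why a toolbar must elide a
// host from the LEFT: the rightmost labels are the registrable domain, and
// everything to their left is chosen by whoever registered that domain.

const ELLIPSIS = "\u2026"; // one character wide, stands in for "..."

// Extract the host from a URL string with the standard URL API
// (available in browsers and Node). Example input is constructed.
function hostOf(urlString) {
  return new URL(urlString).hostname;
}

// Naive rendering (the bug): keep the leftmost characters. The visible
// prefix is attacker-controlled, so "facebook.com.facebook..." hides evil.com.
function truncateRight(host, maxLen) {
  if (host.length <= maxLen) return host;
  if (maxLen <= 1) return ELLIPSIS;
  return host.slice(0, maxLen - 1) + ELLIPSIS;
}

// URL-standard-style rendering: remove whole labels starting from the
// lowest-level (leftmost) one until the remainder plus the ellipsis fits.
// If even the final label does not fit, cut characters from the left
// (what Fennec does) so the suffix still survives.
function elideHost(host, maxLen) {
  if (host.length <= maxLen) return host;
  if (maxLen <= 1) return ELLIPSIS;
  const labels = host.split(".");
  for (let i = 1; i < labels.length; i++) {
    const tail = labels.slice(i).join(".");
    if (tail.length + 1 <= maxLen) return ELLIPSIS + tail;
  }
  // Character-level fallback: keep the rightmost maxLen-1 characters.
  return ELLIPSIS + host.slice(host.length - (maxLen - 1));
}

// The check a reviewer actually cares about: does the rendered string still
// end with the registrable domain (assumed here to be known, e.g. evil.com)?
function showsRegistrableDomain(rendered, registrableDomain) {
  return rendered === registrableDomain || rendered.endsWith("." + registrableDomain) ||
    rendered.endsWith(ELLIPSIS + registrableDomain);
}

// Demo with the host from the report (constructed input, assumed width 22).
const reportHost = hostOf("http://facebook.com.facebook.com.evil.com/");
console.log("naive :", truncateRight(reportHost, 22)); // facebook.com.facebook…
console.log("elided:", elideHost(reportHost, 22));     // …facebook.com.evil.com
```

Both functions are called with a character budget; `elideHost` tries each label boundary from the left and only falls back to cutting mid-label when no whole-label suffix fits, so the registrable domain is the last thing to disappear rather than the first.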
Change performed by the Move to Bugzilla add-on.