Closed Bug 1836598 Opened 1 year ago Closed 1 year ago

Firefox for Android Address Bar Spoofing with Long Subdomain

Categories

(Fenix :: General, defect)

Tracking

(Not tracked)

RESOLVED DUPLICATE of bug 1670725

People

(Reporter: sourc7, Unassigned)

Details

(Keywords: reporter-external, Whiteboard: [reporter-external] [client-bounty-form] [verif?])

Attachments

(2 files)

On Firefox for Android, when I visit a URL with a long subdomain, I notice the subdomain is shown instead of highlighting the main domain. On Chrome for Android the main domain is highlighted no matter how long the subdomain is.

When showing the subdomain, it is possible to spoof the address bar using a long subdomain. For example, if the long spoof subdomain is login.microsoftonline.com.x300.local, then the address bar will only show login.microsoftonline.com (tested on Pixel_4_API_33 on default configuration + trigger reader mode icon).

Flags: sec-bounty?
Group: firefox-core-security → mobile-core-security
Component: Security → General
Product: Firefox → Fenix

On my Xiaomi Mi 9T (Android 11), there is no fade-out effect on the address bar beside the reader icon, so it looks very convincing that the user is on https://account.microsoftonline.com

Tested on Firefox Nightly 2023-06-03T16:08:16.244921 and Firefox Beta 2023-05-26T05:48:27.374395

Status: NEW → RESOLVED
Closed: 1 year ago
Duplicate of bug: 1598175
Resolution: --- → DUPLICATE
Group: mobile-core-security
Duplicate of bug: 1670725
No longer duplicate of bug: 1598175
Flags: sec-bounty? → sec-bounty-
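
The display problem described in this report, as an added example that is not Fenix code and not part of the original bug: it compares showing the start of a long hostname with a truncation that keeps the registrable domain on screen. The function names, the 25-character width and the small suffix set standing in for the Public Suffix List are assumptions.

```javascript
// Added example, not Fenix code. SUFFIXES is a tiny constructed stand-in for
// the Public Suffix List; a real implementation would use the full list.
const SUFFIXES = new Set(["com", "org", "co.uk", "local"]);

// Registrable domain = longest matching public suffix plus one label to its left.
function registrableDomain(host) {
  const labels = host.toLowerCase().split(".");
  for (let i = 1; i < labels.length; i++) {
    if (SUFFIXES.has(labels.slice(i).join("."))) {
      return labels.slice(i - 1).join(".");
    }
  }
  return labels.slice(-2).join("."); // unknown suffix: assume last two labels
}

// Behaviour described in the report: only the start of the host fits.
function truncateHead(host, width) {
  return host.length <= width ? host : host.slice(0, width);
}

// True when head truncation cuts the registrable domain out of view.
function headTruncationHidesDomain(host, width) {
  return !truncateHead(host, width).endsWith(registrableDomain(host));
}

// Alternative: keep the rightmost whole labels that fit, so the registrable
// domain stays on screen whenever it fits in the available width.
function truncateKeepDomain(host, width) {
  if (host.length <= width) return host;
  const labels = host.split(".");
  let kept = labels.pop();
  while (labels.length && kept.length + 1 + labels[labels.length - 1].length < width) {
    kept = labels.pop() + "." + kept;
  }
  return "\u2026" + kept;
}

// Hostname taken from the report; width 25 is a constructed value.
const reported = "login.microsoftonline.com.x300.local";
console.log(truncateHead(reported, 25));
console.log(truncateKeepDomain(reported, 25));
console.log(headTruncationHidesDomain(reported, 25));
```
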