Closed Bug 1837917 Opened 1 year ago Closed 1 year ago

Open redirect in Firefox QR Code Scanner

Categories

(Firefox :: Security, defect)


RESOLVED DUPLICATE of bug 1837916

People

(Reporter: contact, Unassigned)

Details

(Keywords: reporter-external, Whiteboard: [reporter-external] [client-bounty-form] [verif?])

The QR Code Scanner feature in the Firefox iOS app is vulnerable to an open redirect attack. This vulnerability allows an attacker to redirect users to malicious websites or URLs, potentially leading to phishing attacks or the disclosure of sensitive information.

Steps To Reproduce:

  1. Launch the Firefox iOS app.
  2. Navigate to the Scan QR Code feature in the Home page URL (Top Right Corner).
  3. Create a QR Code with a specially crafted URL using https://www.the-qrcode-generator.com/
  4. Scan a QR code that contains a specially crafted URL with an external domain.
  5. Observe that the app redirects to the external domain without proper validation or user consent.

Fix:

  • The QR Code Scanner should validate the URL before redirecting users.
  • Implement proper input validation and URL verification in the QR Code Scanner feature to prevent open redirect vulnerabilities.
  • Ensure that redirects are only allowed to trusted internal pages or authorized external domains.
  • Apply the same fix for iOS and Android.

Impact:

  • This vulnerability could be exploited by attackers to trick users into visiting malicious websites, potentially leading to the theft of personal information, financial fraud, or other security risks.

Supporting materials / references:

Reported 2 times, the same. Hence closing the 2nd report: https://bugzilla.mozilla.org/show_bug.cgi?id=1837916
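The fix the reporter asks for (validate a scanned payload before navigating, and only auto-open trusted destinations) can be expressed as a small policy function. This is an added illustration, not Firefox code; the trusted-host list and the "search" fallback for non-URL text are assumptions about how such a scanner would be wired up.

```python
from dataclasses import dataclass
from urllib.parse import urlsplit

# Schemes a QR scanner should ever hand to the browser; anything else
# (javascript:, file:, data:, custom app schemes) is refused outright.
ALLOWED_SCHEMES = {"http", "https"}

# Constructed example list: first-party hosts the app may open without a prompt.
TRUSTED_HOSTS = {"www.mozilla.org", "support.mozilla.org"}


@dataclass(frozen=True)
class Decision:
    action: str   # "open" | "confirm" | "search" | "block"
    target: str
    reason: str


def classify_scanned_payload(payload: str) -> Decision:
    """Decide what the app should do with raw text decoded from a QR code.

    Only trusted hosts are opened silently; any other http(s) URL requires
    explicit user consent ("confirm"), which is what closes the open-redirect
    hole the report describes.
    """
    text = payload.strip()
    parts = urlsplit(text)

    if not parts.scheme:
        # No scheme: plain text such as "firefox release notes" or a bare
        # "example.com/path". Treat as a search query, never as navigation.
        return Decision("search", text, "no scheme; treated as search query")

    scheme = parts.scheme.lower()
    if scheme not in ALLOWED_SCHEMES:
        return Decision("block", text, f"scheme {scheme!r} not allowed from QR input")

    # "https://www.mozilla.org@other.example/" reads as mozilla.org to a human
    # but navigates to other.example; refuse any URL carrying userinfo.
    if parts.username is not None or parts.password is not None:
        return Decision("block", text, "userinfo in URL (host-spoofing risk)")

    host = (parts.hostname or "").lower()
    if not host:
        return Decision("block", text, "missing host")

    if host in TRUSTED_HOSTS:
        return Decision("open", text, "trusted first-party host")

    return Decision("confirm", text, f"external host {host!r}; ask the user before opening")
```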

Status: UNCONFIRMED → RESOLVED
Closed: 1 year ago
Duplicate of bug: CVE-2024-0953
Flags: needinfo?(contact)
Resolution: --- → DUPLICATE
Flags: needinfo?(contact)
Group: firefox-core-security