Closed
Bug 1837917
Opened 1 year ago
Closed 1 year ago
Open redirect in Firefox QR Code Scanner
Categories
(Firefox :: Security, defect)
Firefox
Security
Tracking
()
RESOLVED
DUPLICATE
of bug 1837916
People
(Reporter: contact, Unassigned)
Details
(Keywords: reporter-external, Whiteboard: [reporter-external] [client-bounty-form] [verif?])
The QR Code Scanner feature in the Firefox iOS app is vulnerable to an open redirect attack. This vulnerability allows an attacker to redirect users to malicious websites or URLs, potentially leading to phishing attacks or the disclosure of sensitive information.
Steps To Reproduce:
- Launch the Firefox iOS app.
- Navigate to the Scan QR Code feature in the Home page URL (Top Right Corner).
- Create a QR Code with a specially crafted URL using https://www.the-qrcode-generator.com/
- Scan a QR code that contains a specially crafted URL with an external domain.
- Observe that the app redirects to the external domain without proper validation or user consent.
Fix:
- The QR Code Scanner should validate the URL before redirecting users.
- Implement proper input validation and URL verification in the QR Code Scanner feature to prevent open redirect vulnerabilities.
- Ensure that redirects are only allowed to trusted internal pages or authorized external domains.
- Apply the same fix for iOS and Android
Impact:
- This vulnerability could be exploited by attackers to trick users into visiting malicious websites, potentially leading to the theft of personal information, financial fraud, or other security risks.
Supporting materials/ references:
Reporter | ||
Comment 1•1 year ago
|
||
Reported 2 times same. Hence closing the 2nd report https://bugzilla.mozilla.org/show_bug.cgi?id=1837916
Status: UNCONFIRMED → RESOLVED
Closed: 1 year ago
Duplicate of bug: CVE-2024-0953
Flags: needinfo?(contact)
Resolution: --- → DUPLICATE
Updated•1 year ago
|
Flags: needinfo?(contact)
Updated•11 months ago
|
Group: firefox-core-security
Updated•15 days ago
|
Keywords: reporter-external
You need to log in
before you can comment on or make changes to this bug.
Description
•