Browser Download Spoofing
Categories
(Firefox :: Security, defect)
People
(Reporter: vijay.tikudave, Unassigned)
Details
(Keywords: reporter-external, Whiteboard: [reporter-external] [client-bounty-form] [verif?])
Attachments
(1 file: 1.00 KB, text/html)
Security Description:
Attack Vector: The attacker utilizes crafted HTML content to deceive users into believing they are downloading a legitimate file from java.com.
Spoofing Mechanism: The attacker's HTML content modifies the user interface to display a download bar and a trusted site URL in the address bar, creating a false sense of trust and legitimacy.
Backend Download Source: Instead of downloading the file from java.com, the victim unknowingly initiates a download from the attacker's server, potentially exposing them to malicious content.
Impact:
User Trust: By exploiting the user's trust in the browser and the perceived authenticity of the download source, the attacker can deceive victims into downloading and executing malicious files without their knowledge.
Malware Distribution: This vulnerability facilitates the distribution of malware, as victims believe they are downloading a trusted application but end up infecting their systems with malicious content.
Steps to Reproduce:
To reproduce this vulnerability, please follow these steps:
- Craft an HTML page that resembles a download page for Java for Windows from java.com.
- Host the malicious HTML page on an attacker-controlled server.
- Send the victim a link to the malicious HTML page.
- When the victim clicks the download link, the HTML content should initiate a download from the attacker's server while making it appear as if it is downloading from java.com.
- Observe that the victim's browser displays a download bar and a trusted site URL in the address bar, further enhancing the illusion of a legitimate download.
It is crucial to address this vulnerability promptly to prevent the exploitation of user trust and the potential spread of malware.
Reporter
Comment 1•1 year ago
We can reduce the set-timeout value to make it look more legitimate.