Open redirect due to scanning QR code Firefox IOS
Categories
(Firefox :: Security, defect)
Tracking
()
People
(Reporter: verticaldark17, Unassigned)
References
(
URL
)
Details
(Keywords: reporter-external, Whiteboard: [reporter-external] [client-bounty-form] [verif?])
Attachments
(2 files)
Firefox Android.jpeg
This vulnerability was discovered in Firefox IOS QR code scanner, which allows users to read QR codes and open corresponding links. Exploitation of this vulnerability allows attackers to direct users to malicious sites without their consent or knowledge. This vulnerability can put the security of Firefox IOS users at risk and allow them to be exposed to phishing, phishing and malware attacks. In this report, we'll describe the vulnerability in more detail, assess its severity, and provide recommendations to address it.
See : https://hackerone.com/reports/1946534
Steps To Reproduce:
this is the QR code:
https://chart.googleapis.com/chart?cht=qr&chl=http%3A%2F%2Fevil.com&chs=180x180&choe=UTF-8&chld=L|2
The QR code above is what I generated to replicate the attack. To generate my QR code I use the site https://chart.googleapis.com/chart?cht=qr&chl=http%3A%2F%2Fevil.com&chs=180x180&choe=UTF-8&chld=L|2.
I included a malicious link in this QR code. As a link example, I'm using http://evil.com
Steps To Reproduce
- Open the Firefox IOS browser
- Then in your browser you can click the "scan QR code" option and scan the QR code that I have included my malicious link. It will automatically redirect you to the malicious site that I put in the QR code, without even asking your opinion like on Firefox Android
- However, some QR code scanners do not automatically redirect the user to the malicious site, instead displaying a link with an "Open site" option. The Firefox Android scanner implements this
- However, in the case of Firefox IOS, the browser automatically redirects the user to the malicious site without their consent, which poses a significant security risk to users.
Supporting Material/References:
https://resources.infosecinstitute.com/topic/security-attacks-via-malicious-qr-codes/
https://shahjerry33.medium.com/open-redirection-qr-code-magic-18ace1a0170f
https://hackerone.com/reports/1946534
Impact :
Here are some potential business impacts that this security vulnerability could have in Firefox IOS
The fact that Firefox IOS QR code scanner opens the link without the user's notice has a big impact on user security. This vulnerability allows an attacker to redirect a Firefox IOS user to a malicious site without the user being able to see the link and make an informed decision. This can lead to exposure to malware or phishing attacks that can compromise user data.
The actual impact depends on the nature of the malicious link to which the user is redirected. In the worst case, the link may be designed to steal sensitive information, such as credit card information, credentials, or other personal information. This can lead to loss of privacy and financial damage to the user.
Moreover, if the user is redirected to a malicious site that contains malware, then it can compromise the security of the user's device and lead to loss of important data. Overall, the fact that Firefox IOS QR code scanner automatically opens malicious links without user's notice poses a significant risk to user security and should be fixed as soon as possible.
Increased Risk of Phishing:
Exploiting this vulnerability could allow attackers to direct Firefox users to malicious sites that can be used to steal sensitive information such as usernames, passwords, banking and other personal information.
Exposure to malware:
Malicious sites that users are redirected to may also contain malware that can infect Firefox users' devices with malicious programs such as viruses, Trojans or ransomware.
Privacy loss:
Firefox users may also be at risk of privacy loss if sensitive information is stolen as a result of the exploitation of this vulnerability.
Loss of user trust: If Firefox users fall victim to attacks as a result of exploiting this vulnerability, they may lose trust in the application and seek out more secure alternatives, which could impact reputation of the application and the company.
Financial costs: If users fall victim to attacks as a result of this vulnerability, they may suffer financial losses, which may lead to legal action and financial costs to the company responsible for the application.
|
Reporter | |
Comment 1•2 years ago
|
||
Here is a video of how the vulnerability works
|
|
Reporter | |
Comment 2•2 years ago
|
||
This is an image of Firefox Android asking my opinion when scanning a QR code containing a malicious site
|
||
Updated•2 years ago
|
|
|
Reporter | |
Comment 5•2 years ago
|
||
Hi team, why can't I access 1837916?
|
|
||
Comment 6•2 years ago
|
||
You couldn't access it because I didn't CC you when I duplicated it. I've added you now so you should be able to see it.
|
||
Updated•2 years ago
|
|
|
||
Updated•2 years ago
|
|
||
Updated•2 years ago
|
Description
•