Closed Bug 1843037 Opened 2 years ago Closed 1 year ago

Security bug Spoofing via filename download (firefox focus android)

Categories

(Focus :: General, defect, P2)

Tracking

(Not tracked)

RESOLVED DUPLICATE of bug 1843032

People

(Reporter: sas.kunz, Unassigned)

References

Details

(Keywords: csectype-spoof, reporter-external, sec-moderate, Whiteboard: [reporter-external] [client-bounty-form] [verif?])

Attachments

(2 files)

Attached video focus_downloadspoof.mp4

I found a vulnerability via filename download using \n or \r, which leads to a spoofed filename.

Steps to reproduce:

1. Open http://103.186.0.20/downloadspoof.html or downloadspoof.html
2. Click the "open" button

Impact: the victim can be spoofed and will think that it is a document file even though it is an apk file.

Flags: sec-bounty?
Attached image spooffocus.jpg
Group: firefox-core-security → mobile-core-security
Component: Security → General
Product: Firefox → Focus
See Also: → 1843032

The way our Android products work I would guess this is in shared "Android Components" code and will end up being a duplicate of bug 1843032.

Depends on: 1843032

Yes, Irene recommends we fix this bug in GeckoView or Gecko in bug 1843032, so Fenix and Focus are both fixed. I'm leaving this bug open as a reminder to test Focus after fixing bug 1843032.

Severity: -- → S3
Priority: -- → P2

(In reply to Hafiizh from comment #0)

1.open http://103.186.0.20/downloadspoof.html or downloadspoof.html

Hafiizh's server never seems to be reachable for me from California. "downloadspoof.html" refers to attachment 9343474 [details] in bug 1843032, the Fenix version of this bug.

This did turn out to be shared code, so this is definitely a dupe.

Status: NEW → RESOLVED
Closed: 1 year ago
Duplicate of bug: 1843032
Resolution: --- → DUPLICATE
Flags: sec-bounty? → sec-bounty-
Group: mobile-core-security