Closed Bug 1843468 Opened 2 years ago Closed 2 years ago

Firefox iOS SSL Lock Spoof via https://facebook.com:83

Categories

(Firefox for iOS :: General, defect)

RESOLVED DUPLICATE of bug 1843467

People

(Reporter: proof131072, Unassigned)

Details

(Keywords: csectype-spoof, reporter-external, Whiteboard: [reporter-external] [client-bounty-form] [verif?])

We are able to spoof the SSL Lock on Firefox iOS using a non-existent port from non-secure HTTP sites. Please note that when we load with https://facebook.com:83, the duration is significantly longer, which is more reliable.

Test on: http://pwning.click/ffsslfacebook.php

Flags: sec-bounty?
Group: firefox-core-security → mobile-core-security
Component: Security → General
Product: Firefox → Firefox for iOS
See Also: → CVE-2024-53975

The source of the linked page is <script>location="https://www.facebook.com:83"</script>

Status: NEW → RESOLVED
Closed: 2 years ago
Duplicate of bug: CVE-2024-53975
Resolution: --- → DUPLICATE
Flags: sec-bounty? → sec-bounty-
Group: mobile-core-security