Closed
Bug 1860399
Opened 11 months ago
Closed 11 months ago
(Firefox Android) Url with long name in url bar ,Not displaying the original domain in the url bar leads to spoof
Categories
(Fenix :: General, defect, P3)
Fenix
General
Tracking
(Not tracked)
RESOLVED
DUPLICATE
of bug 1670725
People
(Reporter: sas.kunz, Unassigned)
Details
(Keywords: reporter-external, Whiteboard: [reporter-external] [client-bounty-form] [verif?])
Attachments
(2 files)
i found vulnerability on firefox android where Url addrees with long name on the url bar not displaying the original domain lead to spoof
step to reproduces
- create subdomain : (for example : loginss.accounts.google.com.mozilla.org
- open http://103.186.0.20/spoofingbarfirefox.html
- click on "LOGIN TO GOOGLE" link then on the url address bar only show https://loginss.accounts.google.com
Flags: sec-bounty?
Updated•11 months ago
|
Group: firefox-core-security → mobile-core-security
Component: Security → General
Product: Firefox → Fenix
Updated•11 months ago
|
Flags: needinfo?(dveditz)
Comment 2•11 months ago
|
||
Bug 1629684 is a similar desktop. It's P3/S3 and has a sec-low rating.
Should we align the domain name in the address bar so the TLD is always visible?
Severity: -- → S3
Priority: -- → P3
Updated•11 months ago
|
Group: mobile-core-security
Status: NEW → RESOLVED
Closed: 11 months ago
Duplicate of bug: 1670725
Flags: needinfo?(dveditz)
Resolution: --- → DUPLICATE
Updated•11 months ago
|
Flags: sec-bounty? → sec-bounty-
Updated•4 months ago
|
Keywords: reporter-external
You need to log in
before you can comment on or make changes to this bug.
Description
•