Closed
Bug 1860399
Opened 8 months ago
Closed 8 months ago
(Firefox Android) Url with long name in url bar ,Not displaying the original domain in the url bar leads to spoof
Categories
(Fenix :: General, defect, P3)
Fenix
General
Tracking
(Not tracked)
RESOLVED
DUPLICATE
of bug 1670725
People
(Reporter: sas.kunz, Unassigned)
Details
(Keywords: reporter-external, Whiteboard: [reporter-external] [client-bounty-form] [verif?])
Attachments
(2 files)
i found vulnerability on firefox android where Url addrees with long name on the url bar not displaying the original domain lead to spoof
step to reproduces
- create subdomain : (for example : loginss.accounts.google.com.mozilla.org
- open http://103.186.0.20/spoofingbarfirefox.html
- click on "LOGIN TO GOOGLE" link then on the url address bar only show https://loginss.accounts.google.com
Flags: sec-bounty?
Updated•8 months ago
|
Group: firefox-core-security → mobile-core-security
Component: Security → General
Product: Firefox → Fenix
Updated•8 months ago
|
Flags: needinfo?(dveditz)
Comment 2•8 months ago
|
||
Bug 1629684 is a similar desktop. It's P3/S3 and has a sec-low rating.
Should we align the domain name in the address bar so the TLD is always visible?
Severity: -- → S3
Priority: -- → P3
Updated•8 months ago
|
Group: mobile-core-security
Status: NEW → RESOLVED
Closed: 8 months ago
Duplicate of bug: 1670725
Flags: needinfo?(dveditz)
Resolution: --- → DUPLICATE
Updated•7 months ago
|
Flags: sec-bounty? → sec-bounty-
Updated•17 days ago
|
Keywords: reporter-external
You need to log in
before you can comment on or make changes to this bug.
Description
•