Closed
Bug 1875889
Opened 2 years ago
Closed 2 years ago
Open redirect in Firefox WebXR Viewer iOS QR Code Scanner
Categories
(Firefox for iOS :: General, defect)
RESOLVED DUPLICATE of bug 1875890
People
(Reporter: contact, Unassigned)
Details
(Keywords: reporter-external, Whiteboard: [reporter-external] [client-bounty-form] [verif?])
The QR Code Scanner feature in the Firefox WebXR Viewer iOS app is vulnerable to an open redirect attack. This vulnerability allows an attacker to redirect users to malicious websites or URLs, potentially leading to phishing attacks or the disclosure of sensitive information.
Steps To Reproduce:
- Launch the Firefox WebXR Viewer iOS app.
- Navigate to the QR code scanner in the Home page search bar (top right side).
- Create a QR code with a specially crafted URL using https://www.the-qrcode-generator.com/.
- Scan a QR code that contains a specially crafted URL with an external domain.
- Observe that the app redirects to the external domain without proper validation or user consent.
Fix:
- The QR Code Scanner should validate the URL before redirecting users.
- Implement proper input validation and URL verification in the QR Code Scanner feature to prevent open redirect vulnerabilities.
- Apply the same fix for Android as well.
Impact
- This vulnerability could be exploited by attackers to trick users into visiting malicious websites, potentially leading to the theft of personal information, financial fraud, or other security risks.
Updated • 2 years ago
Status: UNCONFIRMED → RESOLVED
Closed: 2 years ago
Duplicate of bug: 1875890
Resolution: --- → DUPLICATE
Updated • 2 years ago
Group: firefox-core-security → mobile-core-security
Component: Security → General
Product: Firefox → Firefox for iOS
Updated • 2 years ago
Group: mobile-core-security
Updated • 2 years ago
Keywords: reporter-external
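The "Fix" items in the report ask for URL validation before a scanned QR payload is loaded. The sketch below is an added example, not Firefox for iOS code and not part of the report; every type and function name in it is hypothetical, and it assumes the scanner hands the decoded payload to a single handler that can either prompt the user or refuse to navigate.

```swift
import Foundation

// Added example; ScanDecision and evaluateScannedPayload are hypothetical names.
enum ScanDecision: Equatable {
    case confirm(host: String, url: URL)  // show host to the user, load only on approval
    case reject(reason: String)           // never navigate
}

/// Decide what to do with the raw string decoded from a QR code.
func evaluateScannedPayload(_ payload: String) -> ScanDecision {
    let trimmed = payload.trimmingCharacters(in: .whitespacesAndNewlines)

    // Control characters have no place in a URL and can distort a confirmation prompt.
    if trimmed.unicodeScalars.contains(where: { CharacterSet.controlCharacters.contains($0) }) {
        return .reject(reason: "control characters in payload")
    }
    guard let components = URLComponents(string: trimmed),
          let scheme = components.scheme?.lowercased() else {
        return .reject(reason: "not an absolute URL")
    }
    // Allow-list web schemes only: no javascript:, data:, file: or app deep links.
    guard ["http", "https"].contains(scheme) else {
        return .reject(reason: "scheme \(scheme) not allowed")
    }
    // A userinfo part (user:pass@host) can make the destination look like another site.
    guard components.user == nil, components.password == nil else {
        return .reject(reason: "embedded credentials")
    }
    guard let host = components.host?.lowercased(), !host.isEmpty,
          let url = components.url else {
        return .reject(reason: "missing host")
    }
    // The caller displays `host` in a prompt and loads `url` only after consent.
    return .confirm(host: host, url: url)
}

// Constructed sample payloads, not taken from the report.
let samples = [
    "https://example.org/path?q=1",
    "https://accounts.example.org@other.example/login",
    "javascript:alert(1)",
    "not a url",
]
for sample in samples {
    print(sample, "->", evaluateScannedPayload(sample))
}
```

Only the first sample yields `.confirm`; the remaining three are rejected without any navigation.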