Closed Bug 1942560 Opened 1 month ago Closed 1 month ago

Improper Truncation of Long Subdomain Names in Popup Leading to Spoofing

Categories

(Firefox :: Security, defect)

defect

Tracking

()

RESOLVED DUPLICATE of bug 1598175

People

(Reporter: fazim.pentester, Unassigned)

Details

(Keywords: reporter-external, Whiteboard: [client-bounty-form])

Attachments

(3 files)

Attached file poc.html

The Firefox browser address bar is not properly truncated for URLs when opened with a domain that has a long subdomain name (eg: https://secure.authentication.nationalbank.com.screen.bar/), making it susceptible to spoofing. This could result in the address bar displaying a custom domain name, potentially leading to the spoofing of the victim's browser.

Proof-of-Concept:
URL: https://secure.authentication.nationalbank.com.screen.bar/
Expected result: ....nationalbank.com.screen.bar/
Actual result: https://secure.authentication.nationalbank.com

We should properly truncate the domain name within the address instead of expanding it if a long subdomain is used. Solution example: .....screen.bar/

Steps to reproduce:

  1. Download the below poc.html file.
  2. Click on the "Open" button on the webpage and observe that a spoofed domain name popup is displayed with a not properly truncated domain name.
Flags: sec-bounty?
Attached image poc-screenshot.png
Attached image poc-screenshot.png
Status: NEW → RESOLVED
Closed: 1 month ago
Duplicate of bug: 1598175
Resolution: --- → DUPLICATE
Flags: sec-bounty? → sec-bounty-
Group: firefox-core-security
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: