Closed
Bug 1942560
Opened 1 month ago
Closed 1 month ago
Improper Truncation of Long Subdomain Names in Popup Leading to Spoofing
Categories
(Firefox :: Security, defect)
Firefox
Security
Tracking
()
RESOLVED
DUPLICATE
of bug 1598175
People
(Reporter: fazim.pentester, Unassigned)
Details
(Keywords: reporter-external, Whiteboard: [client-bounty-form])
Attachments
(3 files)
The Firefox browser address bar is not properly truncated for URLs when opened with a domain that has a long subdomain name (eg: https://secure.authentication.nationalbank.com.screen.bar/), making it susceptible to spoofing. This could result in the address bar displaying a custom domain name, potentially leading to the spoofing of the victim's browser.
Proof-of-Concept:
URL: https://secure.authentication.nationalbank.com.screen.bar/
Expected result: ....nationalbank.com.screen.bar/
Actual result: https://secure.authentication.nationalbank.com
We should properly truncate the domain name within the address instead of expanding it if a long subdomain is used. Solution example: .....screen.bar/
Steps to reproduce:
- Download the below poc.html file.
- Click on the "Open" button on the webpage and observe that a spoofed domain name popup is displayed with a not properly truncated domain name.
Flags: sec-bounty?
Reporter | ||
Comment 1•1 month ago
|
||
Reporter | ||
Comment 2•1 month ago
|
||
Updated•1 month ago
|
Updated•28 days ago
|
Flags: sec-bounty? → sec-bounty-
Updated•19 days ago
|
Group: firefox-core-security
You need to log in
before you can comment on or make changes to this bug.
Description
•