Closed Bug 1952154 Opened 1 month ago Closed 1 month ago

[Android] Firefox http auth spoof

Categories

(Firefox for Android :: General, defect)

Product:
Firefox for Android
Component:
General
Type:
defect

Tracking

()

Status:
RESOLVED DUPLICATE of bug 1631073

People

(Reporter: ameenbasha111, Unassigned)

References

Details

(Keywords: csectype-spoof, reporter-external, Whiteboard: [client-bounty-form])

Attachments

(2 files)

http-auth-spoof.html
713 bytes, text/html
Details
Firefox-android-http-auth-spoof.mp4
8.96 MB, video/mp4
Details
Attached file http-auth-spoof.html

HI Team, Firefox latest version on android is vulnerable for this auth spoof vulnerability which displays the http basic auth bar on the wrong domain

Steps to reproduce

  1. Host the attached html
  2. Click the button, You can see the basic auth is displayed on google domain

Note: issue already fixed on chrome ios
Ref: https://issues.chromium.org/issues/40055876

Flags: sec-bounty?
Group: firefox-core-security → mobile-core-security
Component: Security → General
Keywords: csectype-spoof, dupeme
Product: Firefox → Fenix
See Also: → https://issues.chromium.org/issues/40055876
Status: UNCONFIRMED → RESOLVED
Closed: 1 month ago
Duplicate of bug: 1631073
Resolution: --- → DUPLICATE

the duplicated parent issue was opened for 5 long years, do we have any plan to initiate fix with respect to this ticket?

Group: mobile-core-security
Flags: sec-bounty? → sec-bounty-
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: