Closed Bug 229013 Opened 21 years ago Closed 21 years ago

URL Spoofing Vulnerability

Categories

(Firefox :: General, defect)

Product:
Firefox
Component:
General
Platform:
x86
Windows XP
Type:
defect
Priority:
Not set
Severity:
major

Tracking

()

Status:
VERIFIED DUPLICATE of bug 228176

People

(Reporter: gtombros, Assigned: bugzilla)

Details

User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.6a) Gecko/20031028 Firebird/0.6.1 StumbleUpon/1.8
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.6a) Gecko/20031028 Firebird/0.6.1 StumbleUpon/1.8

Firebird has the same URL spoofing vulnerability as IE 6.0.  This URL can be
used to test the vulnerability by spoofing a PayPal site and Windows Update Site:

http://security.openwares.org/


Reproducible: Always

Steps to Reproduce:
1.Go to http://security.openwares.org/
2.Press on either TEST EXPLOIT link button to see the spoofed page
3.

Actual Results:  
A spoofed page appears

Expected Results:  
Not show the spoofed page
I see "http://www.paypal.com%01@security.openwares.org/Paypal.htm" in my URL
bar.  That URL is extremely misleading ("www.paypal.com%01" is a password rather
than a hostname), but it is a valid URL (except maybe fore the %01).  In IE you
would only see "http://www.paypal.com".
Summary: URL Spoofing Vulnerability → URL Spoofing Vulnerability
Also do not install that 3rd-party patch for IE from that site, it introduces a memory leak and contains a buffer overflow in WideCharToMultiByte() which opens a remote vulnerability.

*** This bug has been marked as a duplicate of 228176 ***
Status: UNCONFIRMED → RESOLVED
Closed: 21 years ago
Resolution: --- → DUPLICATE
Verified duplicate.
Status: RESOLVED → VERIFIED
Un usuario confiado, puede ser engañado al descargar archivos cuyo origen podría
parecer un sitio de confianza, cuando se trata de
código o enlaces maliciosos a sitios dudosos. Esto puede facilitar ataques
basados en una falsa sensación de confianza.

Se publica el siguiente código como prueba de concepto:

<h1>Firefox 1.01 : spoofing status bar without
using JavaScript</h1>
<p>Save the New Features about Firefox 1.02 ( PDF
20K )</p>
<p>Right Click and Save Link as ...<p>
<div>
<a
href="http://www.mozilla.org/features_ff102.pdf">
<table><tr><td>
<a href="http://www.tpc.org/tpch/spec/tpch2.1.0.pdf">
download : http://www.mozilla.org/features_ff102.pdf
</a><!-- first -->
</td></tr></table>
</a><!-- second -->
</div>

En el ejemplo, si el usuario acepta la sugerencia de grabar el enlace con el
botón derecho, se descargaría un archivo del
sitio "www.tpc.org" mientras la víctima creería estar haciéndolo de
"www.mozilla.org".
You need to log in before you can comment on or make changes to this bug.