Closed Bug 275738 Opened 20 years ago Closed 20 years ago

malformed URLS do a google search and redirect people to the first site "I'm Feeling Lucky"

Categories

(Firefox :: Address Bar, defect)

Product:
Firefox
Component:
Address Bar
Version:
1.0 Branch
Platform:
PowerPC
All
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
VERIFIED DUPLICATE of bug 231720

People

(Reporter: rfrancis, Assigned: bugs)

References

(
URL
)

Details

http:///chad  goes to the following URL.
http://www.cia.gov/cia/publications/factbook/geos/cd.html

If you enter or click on a link which has the improper form, http:///[somekeyword]
Firefox will forward the [somekeyword] portion of the URL to google, do a search
and redirect people to the first result found.

You can get some strange and seemingly random results from this.  Is this a
potential security issue?

Thanks,
Russ
Please search before filing bugs. A bug with a nearly identical summary to this
one already exists.

*** This bug has been marked as a duplicate of 231720 ***
Status: UNCONFIRMED → RESOLVED
Closed: 20 years ago
Resolution: --- → DUPLICATE
And no, it's not a security issue. I don't see how it could be considered one in
any way.
I still consider this a security issue.  Please, hear me out.

Case 1: ---------------------------------------------------------------------

I think I have a serious illness, and hear from a friend about a good site with
 information about the disease 'http://www.aids.com/'.  I go to the browser and
type in  'http:///www.aids' and then accidentally push enter.

Without my knowledge or consent Firefox has submitted a search to google on my
behalf with personal information which I may not want to share with them.  At
the very least, there should be an option to disable the automatic searching of
malformed URLS

Case 2: ---------------------------------------------------------------------

I visit a site which has a link <a href="http:///bad_url"> 

When I rollover the link, The page shows that it will take me to
'http://bad_url/'.  When I click it, it will really do a google search, and take
me somewhere else.

The potential exists for someone to craft a search string that looks close to a
legitimate URL but redirects people to a malicious page.  This may sound far
fetched but would be feasible with the widespread knowledge and application of
gogglebombing.

------------------------------------------------------------------------------

This seems to me like a dangerous line firefox is walking for what amounts to a
small amount of convenience.

Would anyone be opposed to an option to disable this behavior if we can't agree
to disable it by default?

------------------------------------------------------------------------------

Cheers,
Russ
Status: RESOLVED → VERIFIED
You need to log in before you can comment on or make changes to this bug.