Closed Bug 275738 Opened 20 years ago Closed 20 years ago

malformed URLS do a google search and redirect people to the first site "I'm Feeling Lucky"

Categories

(Firefox :: Address Bar, defect)

Product:
Firefox
Component:
Address Bar
Version:
1.0 Branch
Platform:
PowerPC
All
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
VERIFIED DUPLICATE of bug 231720

People

(Reporter: rfrancis, Assigned: bugs)

References

(
URL
)

Details

http:///chad goes to the following URL. http://www.cia.gov/cia/publications/factbook/geos/cd.html If you enter or click on a link which has the improper form, http:///[somekeyword] Firefox will forward the [somekeyword] portion of the URL to google, do a search and redirect people to the first result found. You can get some strange and seemingly random results from this. Is this a potential security issue? Thanks, Russ
Please search before filing bugs. A bug with a nearly identical summary to this one already exists. *** This bug has been marked as a duplicate of 231720 ***
Status: UNCONFIRMED → RESOLVED
Closed: 20 years ago
Resolution: --- → DUPLICATE
And no, it's not a security issue. I don't see how it could be considered one in any way.
I still consider this a security issue. Please, hear me out. Case 1: --------------------------------------------------------------------- I think I have a serious illness, and hear from a friend about a good site with information about the disease 'http://www.aids.com/'. I go to the browser and type in 'http:///www.aids' and then accidentally push enter. Without my knowledge or consent Firefox has submitted a search to google on my behalf with personal information which I may not want to share with them. At the very least, there should be an option to disable the automatic searching of malformed URLS Case 2: --------------------------------------------------------------------- I visit a site which has a link <a href="http:///bad_url"> When I rollover the link, The page shows that it will take me to 'http://bad_url/'. When I click it, it will really do a google search, and take me somewhere else. The potential exists for someone to craft a search string that looks close to a legitimate URL but redirects people to a malicious page. This may sound far fetched but would be feasible with the widespread knowledge and application of gogglebombing. ------------------------------------------------------------------------------ This seems to me like a dangerous line firefox is walking for what amounts to a small amount of convenience. Would anyone be opposed to an option to disable this behavior if we can't agree to disable it by default? ------------------------------------------------------------------------------ Cheers, Russ
Status: RESOLVED → VERIFIED
You need to log in before you can comment on or make changes to this bug.