Closed
Bug 276517
Opened 20 years ago
Closed 20 years ago
Firefox vulnerable to download spoofing
Categories
(Firefox :: File Handling, defect)
Firefox
File Handling
Tracking
()
VERIFIED
DUPLICATE
of bug 262887
People
(Reporter: tonglebeak, Assigned: bugs)
Details
Attachments
(1 file)
264 bytes,
text/html
|
Details |
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.5) Gecko/20041107 Firefox/1.0 Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.5) Gecko/20041107 Firefox/1.0 View the testcase that is attached to this bug, and follow the instructions. You will see that a user can be tricked into downloading a file from what they believe to be a trusted site, when it is coming from a site opened in a different tab. Reproducible: Always Steps to Reproduce: 1.Go to the testcase shown. 2.Open the link in a new tab, and go to that tab. 3.A download dialog will appear, which can trick users into downloading something they beleive to be from a trusted site. Actual Results: Download box displays on citibank's site. Expected Results: Gone back to the tab that has the javascript calling for the download.
Reporter | ||
Comment 1•20 years ago
|
||
This shows the bug, and the ability to trick users.
Reporter | ||
Comment 2•20 years ago
|
||
I see that while the from url is shown, coupled with https://bugzilla.mozilla.org/show_bug.cgi?id=275417 , users can be tricked a lot more easily.
Comment 3•20 years ago
|
||
dupe of third testcase in bug 262887 *** This bug has been marked as a duplicate of 262887 ***
Group: security
Status: UNCONFIRMED → RESOLVED
Closed: 20 years ago
Resolution: --- → DUPLICATE
Reporter | ||
Comment 4•20 years ago
|
||
No, this is different. The one you are referring to reverts to the tab triggering the event, while this one does not.
Updated•20 years ago
|
Status: RESOLVED → VERIFIED
You need to log in
before you can comment on or make changes to this bug.
Description
•