What appears to be a buffer overflow in location bar. Could potentially be used for phishing scams.

RESOLVED DUPLICATE of bug 317746

Status

()

Firefox
Address Bar
--
critical
RESOLVED DUPLICATE of bug 317746
12 years ago
12 years ago

People

(Reporter: David Kerkeslager, Unassigned)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

(URL)

(Reporter)

Description

12 years ago
User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.12) Gecko/20050915 Firefox/1.0.7
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.12) Gecko/20050915 Firefox/1.0.7

If you type in a large number of characters where the URL should be, the characters in the url disappear or become garbled (unreadably so).  The exact number of characters necessary to cause this glitch varies depending on which computer I try it on, but it is always a power of 2, which is what leads me to believe that it is a buffer overflow and not a disply problem.  Sites could store pages under extremely long URLs to obscure the URL and make it unverifiable, allowing them to steal passwords and bank account numbers from unwary users.

Reproducible: Always

Steps to Reproduce:
1. Copy a large string (>1000 characters) onto the clipboard.
2. Paste the string into the address bar repeatedly until the error occurs.
Actual Results:  
The URL disappears or becomes garbled.

Expected Results:  
Properly displayed the URL or displayed an error message and not attempted to load the page.

Tested on three different computers.

*** This bug has been marked as a duplicate of 317746 ***
Status: UNCONFIRMED → RESOLVED
Last Resolved: 12 years ago
Resolution: --- → DUPLICATE
Group: security
You need to log in before you can comment on or make changes to this bug.