address the fragment attack

RESOLVED FIXED

Status

()

Toolkit
Safe Browsing
RESOLVED FIXED
12 years ago
4 years ago

People

(Reporter: Fritz Schneider, Unassigned)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

(Reporter)

Description

12 years ago
We iterate over docs checking to see if their URL matches a known bad URL that we have. We should accommodate fragments in the URL (eg, http://evil.com/index.html#foo) so we it's not trivial for a page to avoid detection by immediately re-naving the user to the URL with that fragment.

Updated

12 years ago
QA Contact: nobody → safe.browsing
Stripping the fragment is part of url canonicalization for the list lookup, so this shouldn't be an issue anymore.
Status: NEW → RESOLVED
Last Resolved: 10 years ago
Resolution: --- → FIXED
(Assignee)

Updated

4 years ago
Component: Phishing Protection → Phishing Protection
Product: Firefox → Toolkit
You need to log in before you can comment on or make changes to this bug.