Closed Bug 329710 Opened 19 years ago Closed 17 years ago

address the fragment attack

Tracking

()

Status:

RESOLVED FIXED

People

(Reporter: fritz, Unassigned)

Details

Fritz Schneider

Reporter

Description

•

19 years ago

We iterate over docs checking to see if their URL matches a known bad URL that we have. We should accommodate fragments in the URL (eg, http://evil.com/index.html#foo) so we it's not trivial for a page to avoid detection by immediately re-naving the user to the URL with that fragment.

timeless

Updated

•

19 years ago

QA Contact: nobody → safe.browsing

Brian Ryner (not reading)

Comment 1

•

17 years ago

Stripping the fragment is part of url canonicalization for the list lookup, so this shouldn't be an issue anymore.

Status: NEW → RESOLVED

Closed: 17 years ago

Resolution: --- → FIXED

Nobody; OK to take it and work on it

Assignee

Updated

•

11 years ago

Product: Firefox → Toolkit

You need to log in before you can comment on or make changes to this bug.

Bugzilla

address the fragment attack

Categories

(Toolkit :: Safe Browsing, defect)

Tracking

()

People

(Reporter: fritz, Unassigned)

References

Details

Crash Data

Security

(public)

User Story

Description

Updated

Comment 1

Updated