Closed
Bug 388747
Opened 18 years ago
Closed 18 years ago
Pipe in URLs splits S
Categories
(Firefox :: Security, defect)
RESOLVED
DUPLICATE
of bug 221445
People
(Reporter: sjakal, Unassigned)
Details
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.8.1.5) Gecko/20070713 Firefox/2.0.0.5
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.2; en-US; rv:1.8.1.5) Gecko/20070713 Firefox/2.0.0.5
If FF is closed, and you try to visit a URL from a mail/messenger/whatever, it splits the URL if there is a pipe in the querystring-area.
This opens two tabs: http://www.google.com?q=cheese|yahoo.com
This opens one tab: http://www.google.com|yahoo.com (escapes the pipe to %7C)
This is to me a pretty critical security error; on IRC or anywhere else where URLs are posted this could easily be exploited. People only check the host and ignore the querystring, which often is nonsense to a "normal" user.
Reproducible: Always
Steps to Reproduce:
1. Set FF as default browser
2. Close FF
3. Click on the url (http://www.google.com?q=cheese|yahoo.com)
4. It opens 2 tabs, with www.google.com in the first tab and yahoo.com in the second.
Actual Results:
It opens two tabs instead of one, and could easily be exploited.
Expected Results:
One tab with "http://www.google.com?q=cheese|yahoo.com"
Comment 1•18 years ago
I guess this is more or less bug 221445.
I don't consider this a security vulnerability that needs to be kept confidential, and the other bug is public.
Status: UNCONFIRMED → RESOLVED
Closed: 18 years ago
Resolution: --- → DUPLICATE
Reporter
Comment 3•18 years ago
Yes, it might be the same.. but it's from 2003-10-06? 4 years? And he chose the component "Tabbed Browser" instead of "Security", which I think it is.
When it's 4 years ago the "bug" was reported, I was thinking it was either forgotten, or marked as not important since you weren't thinking of the exploit-issue.. I mean 4 years to either remove the feature, make it possible to disable/enable it through about:config/options? :)
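The following is an added example, not part of the bug thread or of Firefox's code: a check that a mail or chat client could run before handing a link to the default browser. It assumes, from the report alone, that a raw `|` after the `?` separates pages while a `|` before it does not; all function names are hypothetical.

```python
from urllib.parse import urlsplit

# Assumption taken from the report only: a raw "|" after the "?" makes the
# browser open each piece as its own page; a "|" before the "?" does not.

def pages_opened(url):
    """Model which pages a handed-over link would open, per the report."""
    head, sep, query = url.partition("?")
    if not sep or "|" not in query:
        return [url]
    first, *rest = query.split("|")
    return [head + "?" + first] + [piece for piece in rest if piece]

def extra_hosts(url):
    """Hosts of the pages opened in addition to the one the link shows."""
    hosts = []
    for page in pages_opened(url)[1:]:
        candidate = page if "://" in page else "http://" + page
        hosts.append(urlsplit(candidate).hostname)
    return hosts

def escape_pipes(url):
    """Percent-encode raw pipes so the link is handed over as one URL."""
    return url.replace("|", "%7C")

def audit(url):
    """Return (needs_escaping, extra hosts, form that is safe to hand over)."""
    hosts = extra_hosts(url)
    return bool(hosts), hosts, escape_pipes(url)

if __name__ == "__main__":
    # The two links from the report, plus one constructed harmless link.
    for link in ("http://www.google.com?q=cheese|yahoo.com",
                 "http://www.google.com|yahoo.com",
                 "http://example.org/?q=a%7Cb"):
        print(link, "->", audit(link))
```

Escaping before hand-off gives the result the report lists as expected: one page, with the pipe carried as `%7C` inside the query string.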