Closed
Bug 581313
Opened 15 years ago
Closed 7 years ago
URL spoofing is likely possible through address bar eliding
Categories
(Firefox :: Address Bar, defect)
RESOLVED DUPLICATE of bug 1598175
People
(Reporter: lcamtuf, Unassigned)
Details
(Keywords: sec-low)
Hi,
Address bar eliding is a bit naive - the leftmost part of the URL is simply truncated without giving any visual cue - so the attacker can open or resize a window so that a URL such as this:
http://www.google.com.coredump.cx
...is shown as:
http://www.google.com
This requires some minimal finesse to properly calculate screen resolutions and guess the address bar font, but this is likely not prohibitively difficult.
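The eliding behaviour reported above, next to a mitigation that keeps the registrable domain visible and marks every cut, as an added example that is not part of the original report and is not Firefox code. The function names are hypothetical, and the two-label domain rule is a stated simplification.

```javascript
// Added illustration; function names are hypothetical, not Firefox code.
const ELLIPSIS = "\u2026";

// Eliding as the report describes it: the string is cut at the available
// width and nothing signals that more of the hostname follows.
function elideNaive(url, width) {
  return url.slice(0, width);
}

// Assumption: the registrable domain is the last two DNS labels. Real code
// must use the Public Suffix List ("example.co.uk") and treat IP literals
// separately.
function registrableDomain(hostname) {
  return hostname.split(".").slice(-2).join(".");
}

// Shorten s to n >= 1 characters, marking the cut side with an ellipsis.
function cut(s, n, fromLeft) {
  if (s.length <= n) return s;
  return fromLeft ? ELLIPSIS + s.slice(s.length - n + 1)
                  : s.slice(0, n - 1) + ELLIPSIS;
}

// Elide around the registrable domain: it is never cut, and whatever is
// dropped on either side is replaced by a visible ellipsis.
function elideKeepDomain(url, width) {
  const u = new URL(url);
  const core = registrableDomain(u.hostname);
  // Userinfo ("user@") is deliberately left out of the displayed string.
  const full = `${u.protocol}//${u.host}${u.pathname}${u.search}${u.hash}`;
  if (full.length <= width) return full;
  if (width < core.length + 2) {
    // Too narrow to show the domain plus both cut markers: refuse rather
    // than display a misleading fragment.
    throw new RangeError("address bar too narrow to show the domain");
  }
  const head = `${u.protocol}//` + u.hostname.slice(0, -core.length);
  const tail = full.slice(head.length + core.length);
  const room = width - core.length;
  const headRoom = Math.min(head.length, room - 1); // leave >= 1 for tail
  return cut(head, headRoom, true) + core + cut(tail, room - headRoom, false);
}

const SAMPLE = "http://www.google.com.coredump.cx"; // URL from the report
console.log(elideNaive(SAMPLE, 21));      // http://www.google.com
console.log(elideKeepDomain(SAMPLE, 21)); // …gle.com.coredump.cx/
```

The `RangeError` branch stands in for a minimum address bar width: below it, the caller should refuse to shrink the window rather than show a partial domain.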
Updated•15 years ago
Whiteboard: [sg:low spoof]
Component: Security → Location Bar
QA Contact: firefox → location.bar
Comment 1•14 years ago (Reporter)
Also see bug 622451 for a vaguely related UI resizing concern.
Updated•12 years ago
Group: core-security
Whiteboard: [sg:low spoof]
Comment 2•7 years ago
Per policy at https://wiki.mozilla.org/Bug_Triage/Projects/Bug_Handling/Bug_Husbandry#Inactive_Bugs. If this bug is not an enhancement request or a bug not present in a supported release of Firefox, then it may be reopened.
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → INACTIVE
Updated•5 years ago
Resolution: INACTIVE → DUPLICATE