Created attachment 575008 [details] screenshoturlspoofing.png

User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:8.0) Gecko/20100101 Firefox/8.0
Build ID: 20111104165243

Steps to reproduce:
Similar to bug 687745 but with some differences (can't steal an SSL/TLS indicia, and this one uses different code). Go to www.google.fr and surf on three webpages; afterwards, click on a link to a website on Google and use the History.back() button three times during the page loading (BEFORE THE PAGE IS LOADED). After the website is loaded, you can use the BACK or FORWARD button to enable the URL spoofing (view the video).

Actual results:
The URL is spoofed, and if the targeted webpage contains a password and login saved in a form input, they are sent to the attacker's website.

/!\ I haven't coded a PoC for the moment because this exploitation is more complicated than I thought, so to demonstrate this vulnerability please view this video => http://www.youtube.com/watch?v=ECBbz07s2Uk .
Comment on attachment 575008 [details] screenshoturlspoofing.png

I will try to code a testcase for this.
Attachment #575008 - Attachment filename: screenshoturlspoofing.png → screenshot
Sorry, but this bug is a dupe of bug 700080.
Status: UNCONFIRMED → RESOLVED
Last Resolved: 7 years ago
Resolution: --- → DUPLICATE
Whiteboard: [sg:dupe 700080]
Duplicate of bug: 700080
Sorry, but this bug is a dupe of bug 687745.
Whiteboard: [sg:dupe 700080] → [sg:dupe 687745]
Duplicate of bug: 687745