Closed
Bug 703111
Opened 13 years ago
Closed 13 years ago
Mozilla Firefox 8.0 URL Bar Spoofing and Saved Password stealing using history.back() or history.forward()
Categories
(Firefox :: General, defect)
Tracking
()
RESOLVED
DUPLICATE
of bug 687745
People
(Reporter: jordi.chancel, Unassigned)
References
()
Details
(Whiteboard: [sg:dupe 687745])
Attachments
(1 file)
116.29 KB,
image/png
|
Details |
User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:8.0) Gecko/20100101 Firefox/8.0 Build ID: 20111104165243 Steps to reproduce: similar at bug 687745 but with some difference (can't steal a SSL/TLS indicia and this one uses a different code) Go at www.google.fr and surf on three webpage , after , click on a link of a website on google , use three time History.back() button during the page loading (BEFORE THE PAGE IS LOADED),after than the website is loaded you can use BACK or FORWARD button for enable the URL spoofing (view the video). Actual results: URL is Spoofed and if the webpage targeted contain a Password and login saved on form input , they are sent on attacker website. /!\ I haven't coded a PoC for the moment because this exploitation is more complicated than i thought, so for demonstrate this vulnerability please view this video => http://www.youtube.com/watch?v=ECBbz07s2Uk .
Reporter | ||
Comment 1•13 years ago
|
||
Comment on attachment 575008 [details]
screenshoturlspoofing.png
I will try to code a testcase for this.
Attachment #575008 -
Attachment filename: screenshoturlspoofing.png → screenshot
Reporter | ||
Updated•13 years ago
|
Reporter | ||
Comment 2•13 years ago
|
||
sorry but this bug is a dupe of bug 700080.
Updated•13 years ago
|
Status: UNCONFIRMED → RESOLVED
Closed: 13 years ago
Resolution: --- → DUPLICATE
Whiteboard: [sg:dupe 700080]
Reporter | ||
Comment 4•13 years ago
|
||
sorry but this bug is a dupe of bug 687745.
Reporter | ||
Updated•13 years ago
|
Whiteboard: [sg:dupe 700080] → [sg:dupe 687745]
Updated•10 years ago
|
Group: core-security
You need to log in
before you can comment on or make changes to this bug.
Description
•