Closed Bug 703111 Opened 13 years ago Closed 13 years ago

Mozilla Firefox 8.0 URL Bar Spoofing and Saved Password stealing using history.back() or history.forward()

Categories

(Firefox :: General, defect)

8 Branch
x86_64
Windows 7
defect
Not set
normal

RESOLVED DUPLICATE of bug 687745

People

(Reporter: jordi.chancel, Unassigned)

Details

(Whiteboard: [sg:dupe 687745])

Attachments

(1 file)

User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:8.0) Gecko/20100101 Firefox/8.0
Build ID: 20111104165243

Steps to reproduce:

Similar to bug 687745 but with some differences (can't steal an SSL/TLS indicia, and this one uses different code).

Go to www.google.fr and surf to three web pages; afterwards, click on a link to a website on Google and use the History.back() button three times during the page loading (BEFORE THE PAGE IS LOADED). After the website is loaded, you can use the BACK or FORWARD button to enable the URL spoofing (view the video).


Actual results:

The URL is spoofed, and if the targeted web page contains a password and login saved in a form input, they are sent to the attacker's website.

/!\ I haven't coded a PoC for the moment because this exploitation is more complicated than I thought, so to demonstrate this vulnerability please view this video => http://www.youtube.com/watch?v=ECBbz07s2Uk .

Comment on attachment 575008
screenshoturlspoofing.png

I will try to code a testcase for this.
Attachment #575008 - Attachment filename: screenshoturlspoofing.png → screenshot
Sorry, but this bug is a dupe of bug 700080.
Status: UNCONFIRMED → RESOLVED
Closed: 13 years ago
Resolution: --- → DUPLICATE
Whiteboard: [sg:dupe 700080]
Sorry, but this bug is a dupe of bug 687745.
Whiteboard: [sg:dupe 700080] → [sg:dupe 687745]
Group: core-security