Open
Bug 708952
Opened 13 years ago
Updated 2 years ago
MIME sniffing on data: documents makes phishing easier than necessary
Categories
(Firefox :: Security, defect)
NEW
People
(Reporter: lcamtuf, Unassigned)
Details
Hi guys, I feel stupid filing this...

Not a big deal, but it may make sense not to sniff MIME type on data: documents. Otherwise, I can construct a fairly plausible phishing vector by omitting text/html:

http://lcamtuf.coredump.cx/switch/index2.html

Arguably, javascript:"..." URLs can be used to achieve a similar effect; Chrome solves that by not putting them in the address bar.

On a related note - I'm not sure it makes sense to file a bug for that, but this seems like something that may be worth thinking about at some point:

http://lcamtuf.blogspot.com/2011/12/old-switcharoo.html
Comment 1 (Reporter) • 13 years ago
I updated the PoC with a second variant that looks particularly convincing in Firefox (using Unicode homographs).
Comment 2 (Reporter) • 13 years ago
Reference capture of what I'm seeing: http://lcamtuf.coredump.cx/switch/reference.jpg
Updated • 2 years ago
Severity: minor → S4
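As an added example (not part of the bug report and not Firefox code), the sketch below resolves a data: URL's media type from its header alone, using the RFC 2397 default of text/plain when none is given, and flags URLs whose body looks like HTML without declaring it. The function names, the `HTML_HINT` pattern and the sample URLs are assumptions constructed for illustration.

```javascript
// Added example, not Firefox code: classify a data: URL from its header alone.
// RFC 2397 syntax: data:[<mediatype>][;base64],<data>
// An omitted mediatype means text/plain;charset=US-ASCII.
const DEFAULT_TYPE = "text/plain";

// Simplified stand-in for a content sniffer's HTML signatures (assumption).
const HTML_HINT = /^\s*<(!doctype html|html|head|body|script|iframe)\b/i;

function decodeBody(body, isBase64) {
  try {
    return isBase64 ? atob(body) : decodeURIComponent(body);
  } catch (e) {
    return body; // malformed encoding: inspect the raw text instead
  }
}

function classifyDataUrl(url) {
  const m = /^data:([^,]*),([\s\S]*)$/i.exec(url.trim());
  if (!m) throw new TypeError("not a data: URL");
  const params = m[1].split(";").map((p) => p.trim().toLowerCase());
  const isBase64 = params.length > 1 && params[params.length - 1] === "base64";
  // The first header field is the media type only if it has the type/subtype shape.
  const declaredType = /^[^\s\/;]+\/[^\s\/;]+$/.test(params[0]) ? params[0] : null;
  const text = decodeBody(m[2], isBase64);
  return {
    declaredType,
    // What a consumer that does not sniff would treat the document as.
    effectiveType: declaredType || DEFAULT_TYPE,
    // HTML-looking body with no declared type: the case where sniffing
    // changes how the document is rendered.
    htmlWithoutDeclaration: declaredType === null && HTML_HINT.test(text),
  };
}

// Constructed sample URLs, not taken from the linked PoC.
const samples = [
  "data:text/html,%3Cp%3Edeclared%3C%2Fp%3E",
  "data:,%3Chtml%3E%3Cbody%3Eundeclared%3C%2Fbody%3E%3C%2Fhtml%3E",
  "data:;base64,PGh0bWw+",
  "data:,hello%20world",
];
for (const s of samples) console.log(s, classifyDataUrl(s));
```

A URL filter or log review can treat `htmlWithoutDeclaration` as the signal to render the document as plain text or to reject the navigation.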