Closed Bug 724247 Opened 8 years ago Closed 8 years ago
Mozilla Firefox 10.0 Address Bar Spoofing Vulnerability.
User Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/535.19 (KHTML, like Gecko) Chrome/18.0.1025.3 Safari/535.19

Steps to reproduce:

Hi,

When you drag a URL into the address bar of Mozilla Firefox, it opens the page automatically, but if an attacker convinces the victim to drag the address of a site, and follows it with "window.stop ();", the dragged address remains in the address bar, thus allowing the attacker to make phishing attacks.

Reproduce:
1. Open PoC.html attached.
2. Drag the text into the address bar.
3. See the address bar (in PoC "www.google.com.br").

Regards,
Mario.
duplicate of jordi's bug?
(In reply to Daniel Veditz [:dveditz] from comment #2)
> duplicate of jordi's bug?

You mean bug 700080?
I guess I was thinking more of bug 714631. Different PoC but seem to be the same underlying flaw.
Status: UNCONFIRMED → NEW
Component: Untriaged → Security: UI
Ever confirmed: true
Product: Firefox → Core
QA Contact: untriaged → ui
Whiteboard: [sg:high] same cause as 714631?
Actually not quite as good a spoof as bug 714631 on SSL sites, these aren't quite the same.
Whiteboard: [sg:high] same cause as 714631? → [sg:moderate] same underlying fix as 714631?
Heh. Goodbye chance of bounty. :(
Actually this looks like a dupe of bug 724599 and its dependent bugs.
Well, this was logged two days earlier, leaving the "dupe" issue open to debate. That bug has all of the work on it though.
My use of the word "dupe" has no negative connotation - I was just suggesting that both bugs stem from the same underlying issue. Both reports are valid and useful - which way they get marked (or which one ends up tracking the work) is entirely arbitrary.
Status: NEW → RESOLVED
Closed: 8 years ago
No longer depends on: CVE-2012-1950
Resolution: --- → DUPLICATE
Whiteboard: [sg:moderate] same underlying fix as 714631? → [sg:moderate]
Duplicate of bug: CVE-2012-1950
Whiteboard: [sg:moderate] → [sg:dupe 724599]