Closed Bug 724247 Opened 8 years ago Closed 8 years ago

Mozilla Firefox 10.0 Address Bar Spoofing Vulnerability.

Categories

(Core Graveyard :: Security: UI, defect)

x86
Windows 7
defect
Not set

Tracking

(firefox10 affected, firefox11 affected, firefox12 affected, firefox13 affected, firefox-esr10 affected)

RESOLVED DUPLICATE of bug 724599
Tracking Status
firefox10 --- affected
firefox11 --- affected
firefox12 --- affected
firefox13 --- affected
firefox-esr10 --- affected

People

(Reporter: netfuzzerr, Unassigned)

References

(Blocks 1 open bug)

Details

(Whiteboard: [sg:dupe 724599])

Attachments

(1 file)

User Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/535.19 (KHTML, like Gecko) Chrome/18.0.1025.3 Safari/535.19

Steps to reproduce:

Hi,

When you drag a URL into the address bar of the Mozilla Firefox open the page automatically, but if an attacker to convince the victim to drag an address of a site, and follow with "window.stop ();" the address remains in dragging address bar, thus allowing the attacker to make phishing attacks.

Reproduce:
1. Open PoC.html attached.
2. Drag the text in address bar.
3. See the address bar(in PoC "www.google.com.br").

Regards,
Mario.
Attachment #594439 - Attachment description: 1.html → Vulnerability Proof of concept.
Attachment #594439 - Attachment filename: 1.html → PoC.html
Attachment #594439 - Attachment mime type: text/plain → text/html
Feedback?Suggestion?Informations?
duplicate of jordi's bug?
(In reply to Daniel Veditz [:dveditz] from comment #2)
> duplicate of jordi's bug?

You mean bug 700080?
I guess I was thinking more of bug 714631. Different PoC but seem to be the same underlying flaw.
Status: UNCONFIRMED → NEW
Component: Untriaged → Security: UI
Ever confirmed: true
Product: Firefox → Core
QA Contact: untriaged → ui
Whiteboard: [sg:high] same cause as 714631?
Actually not quite as good a spoof as bug 714631 on SSL sites, these aren't quite the same.
Whiteboard: [sg:high] same cause as 714631? → [sg:moderate] same underlying fix as 714631?
Heh. Goodbye chance of bounty. :(
Actually this looks like a dupe of bug 724599 and its dependent bugs.
Well, this was logged two days earlier, leaving the "dupe" issue open to debate. That bug has all of the work on it though.
My use of the word "dupe" has no negative connotation - I was just suggesting that both bugs stem from the same underlying issue. Both reports are valid and useful - which way they get marked (or which one ends up tracking the work) is entirely arbitrary.
Status: NEW → RESOLVED
Closed: 8 years ago
No longer depends on: CVE-2012-1950
Resolution: --- → DUPLICATE
Whiteboard: [sg:moderate] same underlying fix as 714631? → [sg:moderate]
Duplicate of bug: CVE-2012-1950
Group: core-security
Whiteboard: [sg:moderate] → [sg:dupe 724599]
Product: Core → Core Graveyard
You need to log in before you can comment on or make changes to this bug.