Closed
Bug 724247
Opened 13 years ago
Closed 13 years ago
Mozilla Firefox 10.0 Address Bar Spoofing Vulnerability.
Categories
(Core Graveyard :: Security: UI, defect)
Tracking
(firefox10 affected, firefox11 affected, firefox12 affected, firefox13 affected, firefox-esr10 affected)
RESOLVED
DUPLICATE
of bug 724599
People
(Reporter: netfuzzerr, Unassigned)
References
Details
(Whiteboard: [sg:dupe 724599])
Attachments
(1 file)
571 bytes,
text/html
User Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/535.19 (KHTML, like Gecko) Chrome/18.0.1025.3 Safari/535.19
Steps to reproduce:
Hi,
When you drag a URL into the address bar of Mozilla Firefox, it opens the page automatically, but if an attacker convinces the victim to drag an address of a site, and follows with "window.stop();", the dragged address remains in the address bar, thus allowing the attacker to make phishing attacks.
Reproduce:
1. Open PoC.html attached.
2. Drag the text into the address bar.
3. See the address bar (in PoC "www.google.com.br").
Regards,
Mario.
Reporter
Updated•13 years ago
Attachment #594439 -
Attachment description: 1.html → Vulnerability Proof of concept.
Attachment #594439 -
Attachment filename: 1.html → PoC.html
Attachment #594439 -
Attachment mime type: text/plain → text/html
Reporter
Comment 1•13 years ago
Feedback? Suggestion? Information?
Comment 2•13 years ago
duplicate of jordi's bug?
Comment 3•13 years ago
(In reply to Daniel Veditz [:dveditz] from comment #2)
> duplicate of jordi's bug?
You mean bug 700080?
Comment 4•13 years ago
I guess I was thinking more of bug 714631. Different PoC but seems to be the same underlying flaw.
Status: UNCONFIRMED → NEW
status-firefox-esr10:
--- → affected
status-firefox10:
--- → affected
status-firefox11:
--- → affected
status-firefox12:
--- → affected
status-firefox13:
--- → affected
Component: Untriaged → Security: UI
Ever confirmed: true
Product: Firefox → Core
QA Contact: untriaged → ui
Whiteboard: [sg:high] same cause as 714631?
Comment 5•13 years ago
Actually not quite as good a spoof as bug 714631 on SSL sites, these aren't quite the same.
Whiteboard: [sg:high] same cause as 714631? → [sg:moderate] same underlying fix as 714631?
Reporter
Comment 6•13 years ago
Heh. Goodbye chance of bounty. :(
Comment 7•13 years ago
Actually this looks like a dupe of bug 724599 and its dependent bugs.
Updated•13 years ago
Depends on: CVE-2012-1950
Comment 8•13 years ago
Well, this was logged two days earlier, leaving the "dupe" issue open to debate. That bug has all of the work on it though.
Comment 9•13 years ago
My use of the word "dupe" has no negative connotation - I was just suggesting that both bugs stem from the same underlying issue. Both reports are valid and useful - which way they get marked (or which one ends up tracking the work) is entirely arbitrary.
Updated•13 years ago
Status: NEW → RESOLVED
Closed: 13 years ago
No longer depends on: CVE-2012-1950
Resolution: --- → DUPLICATE
Whiteboard: [sg:moderate] same underlying fix as 714631? → [sg:moderate]
Updated•13 years ago
Group: core-security
Whiteboard: [sg:moderate] → [sg:dupe 724599]
Assignee
Updated•8 years ago
Product: Core → Core Graveyard