Closed
Bug 888842
Opened 12 years ago
Closed 11 years ago
Execute a XPI cover by Form History (spoofing/clickjacking)
Categories
(Core :: General, defect)
Tracking
()
RESOLVED
DUPLICATE
of bug 884488
People
(Reporter: jordi.chancel, Unassigned)
References
Details
(Keywords: csectype-spoof, reporter-external, sec-moderate, Whiteboard: [reporter-external])
Attachments
(2 files)
ScreenShot 1
User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:22.0) Gecko/20100101 Firefox/22.0 (Beta/Release)
Build ID: 20130618035212
Steps to reproduce:
-Go to 1B.htm (in the ZIP) (1B.htm until 7B.htm will create 7 form history)
-After going to 1B.htm(after 2B.htm 3B.htm 4B.htm 5B.htm 6B.htm 7B.htm) you are in firefoxspoof4.htm.
-Click to the extremity right of the input text.
(if you don't enderstand look this youtube video => http://www.youtube.com/watch?v=gcI7W29dhyo )
Actual results:
-XPI Addon is cover by all form history of the input text
|
||
Updated•12 years ago
|
Flags: sec-bounty?
|
Reporter | |
Comment 1•12 years ago
|
||
|
||
Comment 2•12 years ago
|
||
I can confirm that the search history dropdown appears above the XPI install dialog. On my system, it's not aligned as well as in your example, but the problem is clear. Thanks for filing it.
This is less troubling than the other similar issues, because this only allows arbitrary text (with a white background) above the UI, rather than a bitmap. It's not as believable as the bitmap UI spoof.
Status: UNCONFIRMED → NEW
Ever confirmed: true
|
||
Updated•12 years ago
|
Whiteboard: [reporter-external]
|
||
Comment 3•12 years ago
|
||
The changes I'm proposing to fix bug 884488 will end up fixing this one (if they're adopted) so I'm going to make this "depend on" that one. Could end up being a duplicate, effectively. If we attack the other bug strictly in the <select> code then this could be a separate bug so I'm not yet ready to call this a strict duplicate.
Depends on: 884488
Keywords: csec-spoof
|
|
Reporter | |
Updated•12 years ago
|
Whiteboard: [reporter-external] → [sg:critical][reporter-external]
|
|
||
Updated•12 years ago
|
Whiteboard: [sg:critical][reporter-external] → [reporter-external]
|
|
||
Comment 4•11 years ago
|
||
Bug Bounty Triage: We're making bug 884488 the master bug for XPI clickjacking issues that you're reporting. They are all variants of the same basic problem.
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → DUPLICATE
|
||
Updated•11 years ago
|
Flags: sec-bounty? → sec-bounty-
|
|
Reporter | |
Updated•10 years ago
|
Keywords: sec-moderate
|
||
Updated•9 years ago
|
Group: core-security → core-security-release
|
|
||
Updated•8 years ago
|
Group: core-security-release
|
||
Updated•9 months ago
|
Keywords: reporter-external
You need to log in
before you can comment on or make changes to this bug.
Description
•