Closed
Bug 946163
Opened 12 years ago
Closed 5 years ago
Location Bar Spoofing using certain key on the keyboard
Categories
(Firefox :: Address Bar, defect, P3)
Tracking
()
RESOLVED
WONTFIX
People
(Reporter: jordi.chancel, Unassigned)
Details
(Keywords: csectype-spoof, reporter-external, sec-low)
Attachments
(2 files)
User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:26.0) Gecko/20100101 Firefox/26.0 (Beta/Release)
Build ID: 20131125215016
Steps to reproduce:
Sometimes when you write text in a textarea or input, you can use the TAB key to write directly in another textarea or input.
You can also use the right directional key to navigate through the words in the input or textarea.
When you press the Tab key two times, and then press the right directional key, the location bar is spoofed, and if the malicious page has an SSL status, the location bar is spoofed with SSL.
Actual results:
Using the TABULATION key two times and the Right Directional Key, the location bar is spoofed because the location bar shows the end of the URL.
Expected results:
The location bar shows the end of the URL.
Comment 1 (Reporter) • 12 years ago
You can use this testcase.
Comment 2 (Reporter) • 12 years ago
View this screenshot, please.
The POC works as described, marking for sec-bounty.
Status: UNCONFIRMED → NEW
Ever confirmed: true
Flags: sec-bounty?
Updated•12 years ago
Attachment #8342270 -
Attachment mime type: application/zip → application/java-archive
Updated•12 years ago
Group: core-security
Component: Untriaged → Location Bar
Flags: sec-bounty? → sec-bounty-
Keywords: csectype-spoof, sec-low
Comment 5•7 years ago
Per policy at https://wiki.mozilla.org/Bug_Triage/Projects/Bug_Handling/Bug_Husbandry#Inactive_Bugs. If this bug is not an enhancement request or a bug not present in a supported release of Firefox, then it may be reopened.
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → INACTIVE
Updated•7 years ago
Status: RESOLVED → REOPENED
Priority: -- → P3
Resolution: INACTIVE → ---
Comment 6•5 years ago
This bug is hard to understand, but it seems to boil down to scrolling the urlbar to the end and making it a certain width so the fake URL lines up perfectly? I can't even reproduce the screenshot exactly on a new profile using Firefox 26. This doesn't seem serious at all, and we also show the https scheme now when the urlbar is scrolled. I'll wontfix this. Please reopen if you disagree, Marco.
Status: REOPENED → RESOLVED
Closed: 7 years ago → 5 years ago
Resolution: --- → WONTFIX
Updated•1 year ago
Keywords: reporter-external