Closed Bug 947696 Opened 11 years ago Closed 11 years ago

Long URLs may be used to impersonate legitimate sites

Categories

(Firefox :: Untriaged, defect)

26 Branch
x86
macOS
defect
Not set
normal

Tracking

()

RESOLVED DUPLICATE of bug 233865

People

(Reporter: jordi.chancel, Unassigned)

Details

(Keywords: reporter-external, Whiteboard: www.xxx.com.yyy.com type url should be defined like dangerous.)

Attachments

(1 file, 3 obsolete files)

Attached file high spoof.html (obsolete) —
User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:26.0) Gecko/20100101 Firefox/26.0 (Beta/Release) Build ID: 20131202182626 Steps to reproduce: when you open a small popup window with a big URL , you can't view the totality of the url. if you use an illegal address like http://www.google.complice.alternativ-testing.fr on the small opup window. only www.google.com is visible. Actual results: URL into the location bar is spoofed by the start of the web address. Expected results: you view only the start of the url.
Attached file high spoof.html (obsolete) —
Attachment #8344306 - Attachment is obsolete: true
Whiteboard: www.xxx.com.yyy.com type url should be defined like dangerous.
Attached file high spoof.html (obsolete) —
Attachment #8344308 - Attachment is obsolete: true
This isn't so much spoofing as impersonating, and AFAIK it's an incredibly old problem for every browser without a good UI fix. Currently when you hover over the url field you get a notification of the full URL. This being an old and quite known problem leads me to think this is sec-low.
Status: UNCONFIRMED → NEW
Ever confirmed: true
Flags: sec-bounty?
Summary: URL SPOOFING USING ILLEGAL WEB ADDRESS WITH SMALL POPUP WINDOW → Long URLs may be used to impersonate legitimate sites
Attached image screenshot1.png
Status: NEW → RESOLVED
Closed: 11 years ago
Flags: sec-bounty? → sec-bounty-
Resolution: --- → DUPLICATE
Group: core-security → core-security-release
Group: core-security-release
Attachment #8344336 - Attachment is obsolete: true
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: