Closed
Bug 947696
Opened 11 years ago
Closed 11 years ago
Long URLs may be used to impersonate legitimate sites
Categories
(Firefox :: Untriaged, defect)
Tracking
()
RESOLVED
DUPLICATE
of bug 233865
People
(Reporter: jordi.chancel, Unassigned)
Details
(Keywords: reporter-external, Whiteboard: www.xxx.com.yyy.com type url should be defined like dangerous.)
Attachments
(1 file, 3 obsolete files)
73.79 KB,
image/png
|
Details |
User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.8; rv:26.0) Gecko/20100101 Firefox/26.0 (Beta/Release)
Build ID: 20131202182626
Steps to reproduce:
when you open a small popup window with a big URL , you can't view the totality of the url.
if you use an illegal address like http://www.google.complice.alternativ-testing.fr on the small opup window. only www.google.com is visible.
Actual results:
URL into the location bar is spoofed by the start of the web address.
Expected results:
you view only the start of the url.
Reporter | ||
Comment 1•11 years ago
|
||
Attachment #8344306 -
Attachment is obsolete: true
Reporter | ||
Updated•11 years ago
|
Whiteboard: www.xxx.com.yyy.com type url should be defined like dangerous.
Reporter | ||
Comment 2•11 years ago
|
||
Attachment #8344308 -
Attachment is obsolete: true
This isn't so much spoofing as impersonating, and AFAIK it's an incredibly old problem for every browser without a good UI fix. Currently when you hover over the url field you get a notification of the full URL. This being an old and quite known problem leads me to think this is sec-low.
Status: UNCONFIRMED → NEW
Ever confirmed: true
Flags: sec-bounty?
Summary: URL SPOOFING USING ILLEGAL WEB ADDRESS WITH SMALL POPUP WINDOW → Long URLs may be used to impersonate legitimate sites
Reporter | ||
Comment 4•11 years ago
|
||
Updated•11 years ago
|
Status: NEW → RESOLVED
Closed: 11 years ago
Flags: sec-bounty? → sec-bounty-
Resolution: --- → DUPLICATE
Updated•9 years ago
|
Group: core-security → core-security-release
Updated•8 years ago
|
Group: core-security-release
Reporter | ||
Updated•8 years ago
|
Attachment #8344336 -
Attachment is obsolete: true
Updated•4 months ago
|
Keywords: reporter-external
You need to log in
before you can comment on or make changes to this bug.
Description
•