Closed Bug 276517 Opened 20 years ago Closed 20 years ago

Firefox vulnerable to download spoofing

Categories

(Firefox :: File Handling, defect)

defect
Not set
critical

Tracking

()

VERIFIED DUPLICATE of bug 262887

People

(Reporter: tonglebeak, Assigned: bugs)

Details

Attachments

(1 file)

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.5) Gecko/20041107 Firefox/1.0 Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.5) Gecko/20041107 Firefox/1.0 View the testcase that is attached to this bug, and follow the instructions. You will see that a user can be tricked into downloading a file from what they believe to be a trusted site, when it is coming from a site opened in a different tab. Reproducible: Always Steps to Reproduce: 1.Go to the testcase shown. 2.Open the link in a new tab, and go to that tab. 3.A download dialog will appear, which can trick users into downloading something they beleive to be from a trusted site. Actual Results: Download box displays on citibank's site. Expected Results: Gone back to the tab that has the javascript calling for the download.
Attached file spoofed download dialog (deleted) —
This shows the bug, and the ability to trick users.
I see that while the from url is shown, coupled with https://bugzilla.mozilla.org/show_bug.cgi?id=275417 , users can be tricked a lot more easily.
dupe of third testcase in bug 262887 *** This bug has been marked as a duplicate of 262887 ***
Group: security
Status: UNCONFIRMED → RESOLVED
Closed: 20 years ago
Resolution: --- → DUPLICATE
No, this is different. The one you are referring to reverts to the tab triggering the event, while this one does not.
Status: RESOLVED → VERIFIED
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: