SecurityTracker.com
    Home    |    View Topics    |    Search    |    Contact Us    |   

SecurityTracker
Archives


 


Category:   Application (Web Browser)  >   Mozilla Firefox Vendors:   Mozilla.org
Mozilla Firefox Invalid Character URL Bug Lets Remote Users Spoof URLs
SecurityTracker Alert ID:  1022603
SecurityTracker URL:  http://securitytracker.com/id/1022603
CVE Reference:   CVE-2009-2654   (Links to External Site)
Updated:  Aug 5 2009
Original Entry Date:  Jul 27 2009
Impact:   Modification of system information
Fix Available:  Yes  Vendor Confirmed:  Yes  Exploit Included:  Yes  
Version(s): 3.5.1 and prior versions
Description:   A vulnerability was reported in Mozilla Firefox. A remote user can spoof URLs.

A remote user can create specially crafted HTML that, when loaded by the target user, will load an arbitrary URL containing an invalid character. The address bar will display a portion of the URL (spoofing a valid URL) and the browser will display arbitrary page contents instead of the invalid URL error page.

A demonstration exploit is available at:

http://es.geocities.com/jplopezy/firefoxspoofing.html

Juan Pablo Lopez Yacubian reported this vulnerability.

Impact:   A remote user can spoof URLs.
Solution:   The vendor has issued a fix (3.0.13, 3.5.2).

The vendor's advisory is available at:

http://www.mozilla.org/security/announce/2009/mfsa2009-44.html

Vendor URL:  www.mozilla.org/security/announce/2009/mfsa2009-44.html (Links to External Site)
Cause:   Input validation error
Underlying OS:  Linux (Any), UNIX (Any), Windows (Any)

Message History:   This archive entry has one or more follow-up message(s) listed below.
Sep 10 2009 (Red Hat Issues Fix) Mozilla Firefox Invalid Character URL Bug Lets Remote Users Spoof URLs
Red Hat has released a fix for Red Hat Enterprise Linux 4 and 5.
Sep 10 2009 (Red Hat Issues Fix for Seamonkey) Mozilla Firefox Invalid Character URL Bug Lets Remote Users Spoof URLs
Red Hat has released a fix for Mozilla Seamonkey for Red Hat Enterprise Linux 4.
Sep 10 2009 (Red Hat Issues Fix for Mozilla Seamonkey) Mozilla Firefox Invalid Character URL Bug Lets Remote Users Spoof URLs
Red Hat has released a fix for Mozilla Seamonkey for Red Hat Enterprise Linux 3.



 Source Message Contents

Subject:  URL spoofing bug involving Firefox's error pages and document.write

Application: Firefox 3.0.11 
OS: Windows XP - SP3
------------------------------------------------------ 
1 - Description 
2 - Vulnerability 
3 - POC/EXPLOIT 
------------------------------------------------------ 
Description 

This software is a popular web browser that supports multiple platforms as (windows,linux,macos).

------------------------------------------------------ 
Vulnerability 

The bug is caused when you try to open a url with a invalid char, in this time, you can edit the error page, and make a "spoof".

This not would be important because when you make the spoof the "invalid web" is loading all time, but as firefox allow that you call
 the "stop" method of other page you can stop this.

The result of this is a fake page.
 
------------------------------------------------------ 
 POC/EXPLOIT 
 
The poc is a simple script that have a window.open(), it calls the url with invalid char, the invalid char can be a "," or "%" is
 important that you add some "%20" for display a "white space" in the url.

http://es.geocities.com/jplopezy/firefoxspoofing.html
 
PD : I send this to bugzilla
------------------------------------------------------ 
 Juan Pablo Lopez Yacubian 

 
 


Go to the Top of This SecurityTracker Archive Page





Home   |    View Topics   |    Search   |    Contact Us

This web site uses cookies for web analytics. Learn More

Copyright 2020, SecurityGlobal.net LLC