[tor-bugs] #20679 [- Select a component]: Tor Browser Address Spoofing.
#20679: Tor Browser Address Spoofing.
--------------------------------------+-------------------------
Reporter: Dhiraj_Mishra | Owner:
Type: defect | Status: new
Priority: Medium | Milestone:
Component: - Select a component | Version:
Severity: Major | Keywords: Tor Browser
Actual Points: | Parent ID:
Points: | Reviewer:
Sponsor: |
--------------------------------------+-------------------------
Steps to reproduce the problem:
Please find the attachment.
1. Open http://hackies.in/spoof.html
2. Hit Go.
3. The Address Bar gets spoofed.
Address Spoofing:
Address bar says facebook.com
Content is not facebook.com
However, by closing the spoofed tab the browser crashed.
In my attempts to repro, the page always goes blank after a short delay,
both on Linux and Windows. I'm sure that it's possible to tweak the
parameters to DoS the browser and delay the blank paint, but that's
fragile and is unlikely to work well across machines.
The timer setTimeout() is actually set to 4 seconds. Locally, the spoofed
content gets displayed for the time mentioned in the code (the time value can be
extended) to make the spoof page stable.
Demo URL : http://hackies.in/spoof.html
Please find the attachment for the reference.
Thank you
--
Ticket URL: <https://trac.torproject.org/projects/tor/ticket/20679>
Tor Bug Tracker & Wiki <https://trac.torproject.org/>
The Tor Project: anonymity online
_______________________________________________
tor-bugs mailing list
tor-bugs@xxxxxxxxxxxxxxxxxxxx
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs