Browser Security

Well the latest modern browsers including Firefox , Chrome can be tricked to show a URL in address bar while I push a different file from other website. Wondering what harm that can cause? Well lets say the cyber criminals design a website that looks like a video player and asks you to update flash player when you try to play, when you click download then you see in your browser address that you are bing redirected to adobe website (its a real adobe flash download URL) but a totally different file can be downloaded. See the screenshot below to have a clear understanding.

Firefox Browser
Firefox version casino online 15 latest stable version currently available.

http://cl.ly/image/0u462Z1m1w3x go here for full size picture.

Firefox 15 on Windows XP
Firefox 15 on Windows

http://cl.ly/image/3e2B1b261W2G go here for full size image

 This vulnerability works both in Firefox and Chrome , in Windows , Linux and Mac.

Update 1: The vulnerability can be seen on this link in a sanboxed environment (NO Harm will e done to your computer if you check this link) https://hack.me/101097/browser-url-spoofing.html

8 thoughts on “Browser Security”

    1. Well that’s hard to say. As this problem is also true for Google Chrome, and few other browsers. I have contacted Mozilla hopefully they will fix things in the next version.

  1. Nice info! I really scared when in hack.me the archive download it by itself.Pretty nice cloaboration to hack.me from your part.Good job.!

  2. why do you see it as a vulnerability ?
    A page can always have content from other page. What you are trying to do is to get another URL after that adobe page loads up, which is perfectly fine.

    1. Its a vulnerability because, say you visit a website which has a flash video player and shows a missing plugin message, you click on the download flash button and you see the adobe flash page open, and the file gets downloaded.Now suppose the file was not a harmless file like the author showed..may be its a trojan that can take over your computer, but a average computer user will not notice the difference. As both the browser and the url bar shows adobe flash player.

        1. Hello Akash, yes a HTML page can have the reference of a file from another page. But a file from different server should not start downloading with a page load of a website of different server. I am sorry if i am unable to explain you why this is a vulnerability. But both Google Chrome and Firefox has now accepted it as a vulnerability and fix is on its way. Thank You.

Leave a Reply

Your email address will not be published. Required fields are marked *