Activity log for bug #1620323

| Date | Who | What changed | Old value | New value | Message |
|---|---|---|---|---|---|
| 2016-09-05 13:46:30 | Dhiraj | bug | | | added bug |
| 2016-09-05 13:46:30 | Dhiraj | attachment added | | Please have a look on the Attached file for POC of above Issues https://bugs.launchpad.net/bugs/1620323/+attachment/4734929/+files/Ubuntu-Web-Browser-Dhiraj-Mishra.mp4 | |
| 2016-09-05 14:24:54 | Colin Watson | affects | launchpad | webbrowser-app (Ubuntu) | |
| 2016-09-06 03:33:21 | Dhiraj | description | Hello, The default browser of the Ubuntu LTS with the default browser is vulnerable to Address Bar Spoofing. Steps: Ubuntu browser allows attacker to spoof the web-browser by just using '@' symbol. Example: https://google.com@bing.com, this will redirect a user or a victim to bing.com rather than google.com. An attacker can take an advantage of it and may redirect it to any malicious website. Example: https://facebook.com@attacker.com, similarly this will also redirect to attacker.com rather than facebook.com. There are various scenario to exploit, one of it using BeEF using [hook.js] which is browser based exploitation and as such many more. Example: https://example.com.com@attacker.com/hook.js Well where as hook.js is a component of BeEF, which allows attacker to leads to browser based exploitation. As far I recommend and request there should be a pop-up for this as a mitigation that someone is trying to tamper the URL. Kindly have a look on the attached Video POC, to clear the above scenario. I would be happy to hear from the team. Thank you | Hello, The default browser of the Ubuntu LTS is vulnerable to Address Bar Spoofing. Steps: Ubuntu browser allows attacker to spoof the web-browser by just using '@' symbol. Example: https://google.com@bing.com, this will redirect a user or a victim to bing.com rather than google.com. An attacker can take an advantage of it and may redirect it to any malicious website. Example: https://facebook.com@attacker.com, similarly this will also redirect to attacker.com rather than facebook.com. There are various scenario to exploit, one of it using BeEF using [hook.js] which is browser based exploitation and as such many more. Example: https://example.com.com@attacker.com/hook.js Well where as hook.js is a component of BeEF, which allows attacker to leads to browser based exploitation. As far I recommend and request there should be a pop-up for this as a mitigation that someone is trying to tamper the URL. Kindly have a look on the attached Video POC, to clear the above scenario. I would be happy to hear from the team. Thank you | |
| 2016-10-06 12:09:32 | Marc Deslauriers | webbrowser-app (Ubuntu): status | New | Confirmed | |
| 2016-10-06 12:09:35 | Marc Deslauriers | information type | Private Security | Public | |
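
The '@' URLs in the description work because text between the scheme and '@' is the URL's userinfo component, and the host is whatever follows it. The following is an added example, not part of the bug report or of webbrowser-app: a sketch of the kind of check behind the pop-up the reporter requests, using Python's `urllib.parse`; the function name `inspect_url` and the warning texts are hypothetical.

```python
import re
from urllib.parse import urlsplit, urlunsplit

# A userinfo string that looks like a hostname (dot-separated labels ending
# in an alphabetic TLD) is the pattern used in the report's example URLs.
_HOSTLIKE = re.compile(r"^(?:[a-z0-9-]+\.)+[a-z]{2,}$", re.IGNORECASE)


def inspect_url(url):
    """Return (real_host, display_url, warning) for a typed or clicked URL.

    real_host   -- host the browser will actually connect to
    display_url -- URL with the userinfo component removed
    warning     -- None, or text for a confirmation prompt (hypothetical UI)
    """
    parts = urlsplit(url)
    host = parts.hostname or ""
    # netloc is "userinfo@host:port"; the LAST '@' ends the userinfo part.
    userinfo, at, hostport = parts.netloc.rpartition("@")
    if not at:
        return host, url, None  # no userinfo: nothing to flag

    display_url = urlunsplit(parts._replace(netloc=hostport))
    user = userinfo.split(":", 1)[0]
    if _HOSTLIKE.match(user) and user.lower() != host:
        warning = (f"This link shows '{user}' before '@' but will open "
                   f"'{host}'.")
    else:
        warning = f"This link carries embedded credentials for '{host}'."
    return host, display_url, warning


if __name__ == "__main__":
    # Two URLs from the bug description, plus a constructed ordinary URL
    # whose '@' sits in the query string and must not be flagged.
    for u in ("https://google.com@bing.com",
              "https://example.com.com@attacker.com/hook.js",
              "https://bing.com/search?q=a@b"):
        print(inspect_url(u))
```

Showing `display_url` in the address bar instead of the raw input removes the misleading prefix even when no prompt is displayed.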