(From https://bugzilla.mozilla.org/show_bug.cgi?id=1694684)
Summary:
There is an open redirection vulnerability in the path of:
https://pollbot.services.mozilla.com/
Description:
An attacker can redirect anyone to malicious sites.
Steps To Reproduce:
Type in this URL:
https://pollbot.services.mozilla.com//evil.com/
As you can see, it redirects to that website when you inject this payload:
//evil.com/
evil.com was used as an example, but this could be any website. Note: the // is the bypass.
Supporting Material/References:
https://cheatsheetseries.owasp.org/cheatsheets/Unvalidated_Redirects_and_Forwards_Cheat_Sheet.html
Impact
Attackers can serve malicious websites that steal passwords or download ransomware to their victim's machine due to a redirect and there are a heap of other attack vectors.
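
Why the leading // matters, and one way a server can guard a path before echoing it into a Location header. This is an added example, not code from the report or from PollBot. The names resolved_host and safe_local_location are hypothetical, and it assumes the redirect target is derived from the request path.

```python
from urllib.parse import urljoin, urlsplit

BASE = "https://pollbot.services.mozilla.com/"  # host taken from the report


def resolved_host(location, base=BASE):
    """Host a client lands on after following `location` relative to `base`."""
    return urlsplit(urljoin(base, location)).hostname


def safe_local_location(path, base=BASE):
    """Return a Location value that stays on the base origin, or raise ValueError.

    Hypothetical helper: collapses the leading slash run so the value can no
    longer be parsed as a network-path reference (//host/...).
    """
    # Browsers drop tabs and newlines inside URLs, so "/\t/host" becomes "//host".
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in path):
        raise ValueError("control character in redirect path")
    # Browsers treat a backslash like a slash in http(s) URLs.
    path = path.replace("\\", "/")
    if not path.startswith("/"):
        raise ValueError("redirect target must be a local absolute path")
    location = "/" + path.lstrip("/")
    # Defence in depth: confirm the result still resolves to our own host.
    if resolved_host(location, base) != urlsplit(base).hostname:
        raise ValueError("redirect target leaves the origin")
    return location


if __name__ == "__main__":
    # Constructed inputs; //evil.com/ is the payload quoted in the report.
    for candidate in ["/v1/", "//evil.com/", "/\\evil.com/"]:
        fixed = safe_local_location(candidate)
        print(f"{candidate!r}: unguarded -> {resolved_host(candidate)}, "
              f"guarded {fixed!r} -> {resolved_host(fixed)}")
```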