Opened 4 years ago

Closed 2 years ago

#20679 closed defect (worksforme)

Tor Browser Address Spoofing.

Reported by: Dhiraj_Mishra Owned by: tbb-team
Priority: Medium Milestone:
Component: Applications/Tor Browser Version:
Severity: Normal Keywords: tbb-crash
Cc: Actual Points:
Parent ID: Points:
Reviewer: Sponsor:


Steps to reproduce the problem:
Please find the attachment.

  1. Open
  2. Hit Go.
  3. The Address Bar gets spoofed.

Address Spoofing:

Address bar says
Content is not

However by closing the spoofed tab the browser crashed.
In my attempts to repro, the page always goes blank after a short delay, both on Linux and Windows. I'm sure that it's possible to tweak the parameters to DoS the browser and delay the blank paint, but that's fragile and is unlikely to work well across machines.

The timer setTimeout() is actually set to 4 seconds. Locally, the spoofed content gets displayed for the time mentioned in the code (the time value can be extended) to make the spoof page stable.

Demo URL :
Please find the attachment for the reference.

Thank you

Attachments (1)

TOR.ZIP (119.5 KB) - added by Dhiraj_Mishra 4 years ago.


Change History (8)

Changed 4 years ago by Dhiraj_Mishra

Attachment: TOR.ZIP added


comment:1 Changed 4 years ago by arma

Component: - Select a component → Applications/Tor Browser
Owner: set to tbb-team
Severity: Major → Normal

comment:2 Changed 4 years ago by cypherpunks

Keywords: tbb-crash added; Tor Browser removed


comment:3 Changed 4 years ago by Dhiraj_Mishra

Hi Team,

Any follow-up? Please let me know about the issue.
Looking forward to it.

Thank you

comment:4 Changed 4 years ago by Dhiraj_Mishra

Hi,

Attaching a reference; Mozilla is tracking the issue:

Thank you

comment:5 Changed 2 years ago by traumschule

Status: new → needs_information

I can't reproduce it, the site is down. Do you have another example?

comment:6 Changed 2 years ago by Dhiraj

Sure, open spoof.html

# spoof.html

function next()


function f()
{"content.html","_blank","width=500 height=500");

<a href="#" onclick="f()">Welcome to Facebook.</a><br>

# content.html


comment:7 Changed 2 years ago by traumschule

Resolution: worksforme
Status: needs_information → closed

Thanks for the fast reply! Please try it out with 8.0.2 yourself. I downloaded and extracted the archive, opened spoof.html with "Standard" settings (JS enabled) and clicked "Go". The only thing I see in the console/log is:

JavaScript error: resource://gre/modules/WebRequestContent.js, line 118: TypeError: window is undefined