Rafay Baloch, one of the Pakistani ethical hacker, has recently exposed the differences in Chrome and Firefox. Reports say that these site exposed certain information and websites that could exude the user’s data.
RafayBaloch, recently on the Tuesday officially released blog on his own personal website that was related to the address-bar spoofing bug. This could easily display up an invalid address that is usually blocked of is invalid.
“Google security team themselves state that ‘We recognize that the address bar is the only reliable security indicator in modern browsers’ and if the only reliable security indicator could be controlled by an attacker it could carry adverse effects. For instance potentially tricking users into supplying sensitive information to a malicious website due to the fact that it could easily lead the users to believe that they are visiting is a legitimate website as the address bar points to the correct website. ”
Due to this he has got a bonus of $5000.
On this address bar spoofing flaw several different languages like the Arabic and Hebrew many of the Unicode characters are not managed on this site. However such a single letter or a alphabetic code can even give a spoofed URL. Some of the neutral characters such as “/”, “ا” were also spoofed by Rafay.
Rafay,says than rather then these 2 sites this site is also present in many other browsers as well. But Chrome and Firefox have however fixed their problem.
