HTTP Basic Auth the redirect destination is not in the address bar.


Steps to Reproduce:
1. Open Mozilla
2. Visit
3. .....

We show http prompt before updating the address bar, however the address bar seems trustworthy.
Attaching the poc for reference, I believe the impact of this may be high.

Expected Results:
Address Bar should be updated before showing the http prompt.

Bug Reported by : Dhiraj Mishra 
#BugID: 1343456

1 comment:

  1. Well I think attackers have been already exploiting it !