Closed Bug 1028342 Opened 10 years ago Closed 10 years ago

XSS when passing a script activated with onclick

Categories

(Firefox :: Untriaged, defect)

Product:
Firefox
Component:
Untriaged
Platform:
x86_64
Windows 7
Type:
defect
Priority:
Not set
Severity:
major

Tracking

()

Status:
RESOLVED DUPLICATE of bug 528661

People

(Reporter: olucim, Unassigned)

Details

User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.153 Safari/537.36

Steps to reproduce:

Go to some url that puts a GET parameter into the DOM:
http://example.com?message=<div onclick="alert(document.getElementById('pass').value)">Click me to show Pass</div>


Actual results:

the onclick event let me execute the malicious code


Expected results:

the onclick should been rewritten as in chrome or IE (actually IE rewrites onclick with #nclick)
Severity: normal → major
Hi olucim,

Firefox currently doesn't implement a xssfilter / XSS auditor like Chrome / IE. There is a feature bug to implement the filter. Sites which are vulnerable to XSS could use CSP to prevent a majority of XSS attacks by not allowing unsafe-inline / eval.
Status: UNCONFIRMED → RESOLVED
Closed: 10 years ago
Resolution: --- → DUPLICATE
Group: core-security
You need to log in before you can comment on or make changes to this bug.