Closed
Bug 1238547
Opened 8 years ago
Closed 8 years ago
Self-XSS in support.mozilla.org Mobile Site's Main Search Bar (DUPLICATE)
Categories
(support.mozilla.org :: Search, defect)
Tracking
(Not tracked)
RESOLVED
DUPLICATE
of bug 1238252
People
(Reporter: serverghosts, Unassigned, NeedInfo)
Details
(Keywords: sec-low, wsec-xss)
Attachments
(1 file)
50.93 KB,
image/png
User Agent: Mozilla/5.0 (Linux; U; Android 4.4.2; en-US; PrimoC4 Build/WALTON) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 UCBrowser/10.8.0.718 U3/0.8.0 Mobile Safari/534.30

Steps to reproduce:
1: Go here: https://support.mozilla.org/en-US/products
2: Put this payload into the search box: <IFRAME SRC="hello.html" WIDTH=450 HEIGHT=100> </script><script>alert('XSS by de4dly_panda');</script>

Actual results:
JavaScript executed!

Vulnerabilities: xss, csrf

Expected results:
It should have come out in plain text!
Comment 1•8 years ago
Lnazi - Thank you for your submission, but this issue has already been reported.
Status: UNCONFIRMED → RESOLVED
Closed: 8 years ago
Resolution: --- → DUPLICATE
Updated•8 years ago
Summary: Cross site scripting found → Self-XSS in support.mozilla.org Mobile Site's Main Search Bar (DUPLICATE)
Updated•8 years ago
OS: Unspecified → Android
Hardware: Unspecified → All
Updated•8 years ago
Severity: critical → normal
Priority: P3 → --
Updated•8 years ago
Group: websites-security