Closed
Bug 1238593
Opened 8 years ago
Closed 8 years ago
Improper output encoding on support.mozilla.org search dialog results, self-xss
Categories
(support.mozilla.org :: Questions, task)
Tracking
(Not tracked)
RESOLVED
DUPLICATE
of bug 1223970
People
(Reporter: serverghosts, Unassigned)
References
()
Details
(Keywords: sec-moderate)
Attachments
(1 file: 38.16 KB, image/png)
User Agent: Mozilla/5.0 (Linux; U; Android 4.4.2; en-US; PrimoC4 Build/WALTON) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 UCBrowser/10.8.0.718 U3/0.8.0 Mobile Safari/534.30
Steps to reproduce:
Go to: https://support.mozilla.org/en-US/questions/new/desktop
Put this payload into the search: "><p id="\u0070rompt(1)"onmouseover=\u0065val(id) //
Actual results:
JS execution (prompt box)
Expected results:
Plain text comes out
Updated•8 years ago
Severity: normal → critical
OS: Unspecified → Android
Priority: -- → P2
Hardware: Unspecified → All
Updated•8 years ago
Summary: XSS javascript execution (prompt) → Improper output encoding on support.mozilla.org search dialog results, self-xss
Updated•8 years ago
Severity: critical → normal
Priority: P2 → --
Comment 1•8 years ago
Output encoding issue: unicode characters are not correctly output encoded into a context-safe HTML entity encoding format. This example is self-xss and not exploitable to the extent we analyzed it, but there could be other places on the website that also use the same output encoding mechanism which could be vulnerable. A review of the output encoding used for sanitization should be performed on sumo to look for other instances, identify the root cause, and fix it.
Status: UNCONFIRMED → NEW
Ever confirmed: true
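An added example illustrating the remediation Comment 1 asks for (not SUMO/Kitsune code): reflect the search query through HTML-entity encoding and then verify, by parsing the rendered fragment, that the reported query creates no element or event-handler attribute. The template string, function names and the unencoded variant are assumptions made for the demonstration.

```python
import html
from html.parser import HTMLParser

# The query from the bug's reproduction step, kept verbatim as a test input
# (raw string, so the \u sequences stay literal backslash text).
REPORTED_QUERY = r'"><p id="\u0070rompt(1)"onmouseover=\u0065val(id) //'

def encode_for_html(value: str) -> str:
    """Context-safe encoding for HTML text and double-quoted attribute values.
    Every character with HTML meaning becomes an entity; nothing is filtered
    by keyword, so there is no word list for escaped identifiers to slip past."""
    return html.escape(value, quote=True)

def render_search_heading(query: str) -> str:
    """Hypothetical results-dialog template (not SUMO's real one): the query
    is reflected in an attribute and in visible text, both entity-encoded."""
    safe = encode_for_html(query)
    return f'<h2 class="search-heading" data-query="{safe}">Results for: {safe}</h2>'

def render_search_heading_unencoded(query: str) -> str:
    """Same template with the encoding step omitted: the pattern the bug
    describes, kept only so the audit below has a failing case to catch."""
    return f'<h2 class="search-heading" data-query="{query}">Results for: {query}</h2>'

class _TagAudit(HTMLParser):
    """Collects every element and attribute name a browser-like parser sees."""
    def __init__(self) -> None:
        super().__init__()
        self.tags: list[str] = []
        self.attrs: list[str] = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)
        self.attrs.extend(name for name, _ in attrs)

def audit_rendered(markup: str) -> dict:
    """Parse a rendered fragment and report which tags/attributes exist."""
    p = _TagAudit()
    p.feed(markup)
    p.close()
    return {"tags": p.tags, "attrs": p.attrs}

def reflection_is_inert(markup: str) -> bool:
    """True when the fragment holds only the template's own h2 element and its
    two attributes, i.e. the reflected query created no element or handler."""
    report = audit_rendered(markup)
    return report["tags"] == ["h2"] and report["attrs"] == ["class", "data-query"]

if __name__ == "__main__":
    for render in (render_search_heading, render_search_heading_unencoded):
        print(render.__name__, "inert:", reflection_is_inert(render(REPORTED_QUERY)))
```

The same audit can be run over any page that reflects user input; a review of the kind Comment 1 recommends is essentially this check applied to every template that interpolates a request parameter.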
Updated•8 years ago
Flags: needinfo?(mcooper)
Updated•8 years ago
Keywords: sec-moderate
Comment 2•8 years ago
Is there gonna be any hof function?
Comment 3•8 years ago
I'm fairly sure this is the same problem reported and fixed in bug 1223970. I can't reproduce it following the steps in comment 1. I don't know what a hof function is.
Status: NEW → RESOLVED
Closed: 8 years ago
Flags: needinfo?(mcooper)
Resolution: --- → DUPLICATE
Updated•8 years ago
Group: websites-security