Closed
Bug 1247292
Opened 8 years ago
Closed 8 years ago
Output encoding error, would be XSS if content type of response were to change.
Categories
(support.mozilla.org :: Code Quality, task)
Tracking
(Not tracked)
RESOLVED
DUPLICATE
of bug 1223970
People
(Reporter: amuntner, Unassigned)
Details
(Keywords: sec-moderate, wsec-xss)
If the content-type were text/html, this would be XSS. Couldn't find a way to get it reflected into a page but that doesn't mean there isn't a way. Safe HTML encoded output should be used for user input to q parameter.

Marking as moderate because it's not provably exploitable but I'd like to see it fixed anyway.

https://support.mozilla.org/en-US/search/suggestions?q={searchTerms56242<script>alert(1)<%2fscript>360ed

GET /en-US/search/suggestions?q={searchTerms56242<script>alert(1)<%2fscript>360ed HTTP/1.1
Host: support.mozilla.org
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close

HTTP/1.1 200 OK
Server: Apache
X-Backend-Server: support2.webapp.phx1.mozilla.com
Vary: X-Mobile,User-Agent
Cache-Control: no-cache, must-revalidate
Content-Type: application/x-suggestions+json <-------
(snip)

["{searchTerms56242<script>alert(1)</script>360ed", ["JavaScript settings and preferences for interactive web pages", "Warning Unresponsive script - What it means and how to fix it",
(snip)
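
An added example, not part of the original report or the site's code: one way to serialize the suggestions reply so the reflected q value contains no literal <, > or &, which keeps the body inert even if it were ever rendered as text/html. It uses JSON \uXXXX escapes rather than HTML entities so clients still decode the original string; the function names and the nosniff header are assumptions of this example.

```python
import json

# Characters that are harmless inside a JSON string but become markup
# if the body is ever interpreted as HTML.
HTML_SENSITIVE = {"<": "\\u003c", ">": "\\u003e", "&": "\\u0026"}

# Sample values taken from the request/response shown in the report.
SAMPLE_QUERY = "{searchTerms56242<script>alert(1)</script>360ed"
SAMPLE_TITLES = [
    "JavaScript settings and preferences for interactive web pages",
    "Warning Unresponsive script - What it means and how to fix it",
]


def html_safe_json(value):
    """Serialize value as JSON with <, > and & written as \\uXXXX escapes.

    In json.dumps output these characters can only occur inside string
    literals, so a plain replace cannot damage the JSON structure.
    ensure_ascii (the default) already escapes non-ASCII such as U+2028.
    """
    body = json.dumps(value)
    for char, escape in HTML_SENSITIVE.items():
        body = body.replace(char, escape)
    return body


def suggestions_response(query, titles):
    """Build (headers, body) for an OpenSearch-style suggestions reply.

    Hypothetical helper for this example, not the site's actual view.
    """
    headers = {
        "Content-Type": "application/x-suggestions+json",
        # Assumed extra hardening: tell browsers not to sniff the type.
        "X-Content-Type-Options": "nosniff",
    }
    return headers, html_safe_json([query, titles])


if __name__ == "__main__":
    headers, body = suggestions_response(SAMPLE_QUERY, SAMPLE_TITLES)
    print(headers)
    print(body)
```

A JSON parser turns the escapes back into the original characters, so suggestion clients see the same query string as before.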
Reporter
Comment 1•8 years ago
Closing, duplicate of bug 1223970, issue is safe artifact of template engine
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → DUPLICATE
Comment 2•8 years ago
These bugs are all resolved, so I'm removing the security flag from them.
Group: websites-security