Closed
Bug 395338
Opened 17 years ago
Closed 17 years ago
XSS hole on store.mozilla.org
Categories
(Websites :: store.mozilla.org, defect)
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: clouserw, Assigned: mike.bommarito)
Details
(Keywords: wsec-xss)
Posted on a security forum here: http://sla.ckers.org/forum/read.php?3,44,15626#msg-15626

XSS is here (warning, several alerts()): http://store.mozilla.org/product.php?code=mz1303223%22%3E%3Cscript%3Ealert(1)%3C/script%3E&catid=&offset=0

It looks like they emailed customer service at the store but customer service didn't understand the question.
Updated•17 years ago
Severity: major → critical
Comment 1•17 years ago
Mike, this needs to be fixed ASAP, please. John, can you please follow up with GatewayCDI to make sure this gets fixed and quickly?
Comment 2•17 years ago
Hi Mike. Like Reed said, we need to get this fixed as soon as possible. I'll check in with you tomorrow to see how things are coming. Once this is fixed, it would be best if you guys could do a site audit to make sure there aren't other things that could be exploited. Thanks, John
Assignee: jslater → mike.bommarito
Comment 3•17 years ago
Let us know if we can help somehow.
Comment 4•17 years ago
I have sanitized the data being passed and redirected on no product found. Thanks, Mike
Status: NEW → RESOLVED
Closed: 17 years ago
Resolution: --- → FIXED
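
An added illustration of the kind of fix comment 4 describes (validate the `code` parameter, encode it on output, redirect when no product matches). It is not the store's code and not part of the original bug; the function names, the `PRODUCTS` catalogue, and the `/index.php` and `cart.php` paths are assumptions made for the example.

```php
<?php
declare(strict_types=1);

// Constructed catalogue standing in for the store's product lookup (assumption).
const PRODUCTS = ['mz1303223' => 'Sample product'];

/** Return the product code only if it has the expected shape, else null. */
function validProductCode(mixed $raw): ?string
{
    // Arrays (code[]=x) and anything outside [a-z0-9] are rejected outright.
    if (!is_string($raw) || preg_match('/\A[a-z0-9]{1,32}\z/i', $raw) !== 1) {
        return null;
    }
    return strtolower($raw);
}

/** Encode a value for HTML text and quoted-attribute contexts. */
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

/** Decide the response for a request: [status, headers, body]. */
function handleProductRequest(array $query): array
{
    $code = validProductCode($query['code'] ?? null);
    if ($code === null || !array_key_exists($code, PRODUCTS)) {
        // Malformed or unknown code: redirect, never echo the input back.
        return [302, ['Location' => '/index.php'], ''];
    }
    // Even validated values are encoded where they enter the markup.
    $body = '<form action="cart.php"><input type="hidden" name="code" value="'
          . h($code) . '"><h1>' . h(PRODUCTS[$code]) . '</h1></form>';
    return [200, ['Content-Type' => 'text/html; charset=UTF-8'], $body];
}

// The query string from the report, decoded the way PHP presents it in $_GET.
$reported = ['code' => 'mz1303223"><script>alert(1)</script>', 'catid' => '', 'offset' => '0'];
[$status, $headers] = handleProductRequest($reported);
echo $status, ' ', $headers['Location'] ?? '', PHP_EOL;   // takes the redirect branch

// A well-formed, known code renders the page with encoded output.
echo handleProductRequest(['code' => 'mz1303223'])[2], PHP_EOL;
```

Validation alone would stop the reported URL, but encoding at the point of output is what keeps the page safe if another parameter or a stored product name ever carries markup.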
Comment 5•11 years ago
Adding keywords to bugs for metrics, no action required. Sorry about bugmail spam.
Keywords: wsec-xss