Closed Bug 411209 Opened 17 years ago Closed 17 years ago

HTML attachments can be used to hijack Bugzilla sessions via XSS

Categories

(Bugzilla :: Attachments & Requests, defect)

Product:
Bugzilla
Component:
Attachments & Requests
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED DUPLICATE of bug 38862

People

(Reporter: mozilla, Unassigned)

Details

Attachments

(1 file)

Example attachment that sources in script from another domain
93 bytes, text/html
Details 
User-Agent:       Mozilla/5.0 (Macintosh; U; Intel Mac OS X; en-us) AppleWebKit/523.10.6 (KHTML, like Gecko) Version/3.0.4 Safari/523.10.6
Build Identifier: 

Attachments can contain malicious scripts, or source in scripts from other domains that may later become malicious. By creating a malicious attachment, an attacker

Reproducible: Always

Steps to Reproduce:
1. Visit http://crypto.stanford.edu/~collinj/research/bugzilla/xss/
Actual Results:  
Your Bugzilla session cookie is alerted

Expected Results:  
Malicious page is not able to steal your Bugzilla cookie
Status: UNCONFIRMED → RESOLVED
Closed: 17 years ago
Resolution: --- → DUPLICATE
Group: webtools-security → bugzilla-security
Group: bugzilla-security → webtools-security
Group: webtools-security → bugzilla-security
This bug is being removed from the security group because the bug that it is a duplicate of is now public, since it has been fixed and a Security Advisory has been sent about it. See bug 468249 for the Security Advisory.
Group: bugzilla-security
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: