Closed
Bug 633102
Opened 13 years ago
Closed 13 years ago
XSS in filenames
Categories
(addons.mozilla.org Graveyard :: Add-on Builder, defect, P1)
addons.mozilla.org Graveyard
Add-on Builder
Tracking
(Not tracked)
RESOLVED
FIXED
Builder 0.9
People
(Reporter: clouserw, Assigned: smcarthur)
Details
(Keywords: wsec-xss, Whiteboard: [ftw])
Attachments
(1 obsolete file)
I uploaded a file named: "><a href="">test After the second time I uploaded it I refreshed the page and the markup was broken. I don't have an XSS proof of concept, but I assume it's in there.
Reporter | ||
Comment 1•13 years ago
|
||
Reporter | ||
Comment 2•13 years ago
|
||
Comment on attachment 511308 [details] [diff] [review] example file bugzilla renamed this file (good work, bugzilla) so I can't give it as an example.
Attachment #511308 -
Attachment filename: blah
Attachment #511308 -
Attachment is obsolete: true
Assignee | ||
Updated•13 years ago
|
Priority: -- → P1
Whiteboard: [ftw]
Assignee | ||
Comment 3•13 years ago
|
||
fixed in master https://github.com/mozilla/FlightDeck/commit/74835d1aee690d24dc07178a8eb264593980da1f
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → FIXED
Comment 4•11 years ago
|
||
Adding keywords to bugs for metrics, no action required. Sorry about bugmail spam.
Keywords: wsec-xss
Updated•10 years ago
|
Product: addons.mozilla.org → addons.mozilla.org Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•