Closed
Bug 824698
Opened 12 years ago
Closed 11 years ago
Content type sniff xss is possible on https://developer.mozilla.org/pt-PT/docs/get-documents
Categories
(developer.mozilla.org Graveyard :: General, defect)
developer.mozilla.org Graveyard
General
Tracking
(Not tracked)
RESOLVED
WONTFIX
People
(Reporter: netfuzzerr, Assigned: rforbes)
Details
(Whiteboard: [site:developer.mozilla.org])
User Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.22 (KHTML, like Gecko) Chrome/25.0.1364.5 Safari/537.22 Steps to reproduce: Hi, There's a content type sniff vulnerability in https://developer.mozilla.org/pt-PT/docs/get-documents that allows xss in some versions of Internet Explorer. The vulnerability is caused by non-use of header X-Content-Type-Options. PoC: https://developer.mozilla.org/pt-PT/docs/get-documents?term=%22'¤t_locale=1&.html Tested on IE 6/7. Cheers, Mario
assigned to rforbes for verification
Assignee: nobody → rforbes
Whiteboard: [verif?]
Assignee | ||
Comment 2•12 years ago
|
||
this works.
Assignee | ||
Updated•12 years ago
|
Status: UNCONFIRMED → NEW
Ever confirmed: true
Flags: sec-bounty?
Whiteboard: [verif?]
Assignee | ||
Updated•11 years ago
|
Status: NEW → RESOLVED
Closed: 11 years ago
Flags: sec-bounty? → sec-bounty-
Resolution: --- → WONTFIX
Updated•11 years ago
|
Whiteboard: [site:developer.mozilla.org]
Comment 3•8 years ago
|
||
For bugs that are resolved, we remove the security flag. These haven't had their flag removed, so I'm removing it now.
Group: websites-security
Updated•4 years ago
|
Product: developer.mozilla.org → developer.mozilla.org Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•