946315 - plugin vulnerabie to xss

Status: RESOLVED FIXED

(Developer Engagement :: Mozilla Hacks, task)

Description

[Curtis Koenig [:curtisk-use curtis.koenig+bzATgmail.com]]]

Attachment: xss.png

Received: by 10.50.140.5 with HTTP; Wed, 4 Dec 2013 09:21:42 -0800 (PST)
Date: Wed, 4 Dec 2013 22:51:42 +0530
Subject: Vulnerable Plugin (XSS)
From: prayas kulshrestha <prayas.kulshresth@gmail.com>
To: Mozilla Security <security@mozilla.org>
-----//-----
Hi,

I would like to inform you about the vulnerable plugin is used in one of the important sub domain of the Mozilla that is hacks.Mozilla.org

below is the screen shot for the same
<xss.png>

Reference Link for confirmation : http://security-sh3ll.blogspot.in/2011/12/google-recaptcha-wordpress-plugin.html

this website comes even Google index one will use he dork like

Google dork: inurl:rcommentid= error=  site:mozilla.org

Result : https://www.google.co.in/search?q=inurl:rcommentid%3D+error%3D&ie=utf-8&oe=utf-8&rls=org.mozilla:en-US:official&client=firefox-a&gws_rd=cr&ei=MGSfUq7fMoWErAfF0oG4Dw#q=inurl:rcommentid%3D+error%3D++site%3Amozilla.org&rls=org.mozilla:en-US%3Aofficial


Thank You

-----
Regards
Prayas Kulshrestha

Comment 1

[Curtis Koenig [:curtisk-use curtis.koenig+bzATgmail.com]]]

assigning to Jake, can we get this plugin fixed or remove?

Comment 2

[Chris Turra [:cturra]]

while i have updated this plugin in bug 946861, i want to remind the group it was *NOT* an activated plugin on hacks.mozilla.org.

Comment 3

[Daniel Veditz [:dveditz]]

Does not qualify for a bug bounty because this was disabled and there is no evidence (e.g. POC link) the reporter could actually trigger an XSS on the site.

Comment 4

[Jake Maul [:jakem]]

Unsetting myself and closing... seems like this was resolved in the dependent bug? I don't see any reason to keep this open.

Comment 6

[Will Kahn-Greene [:willkg] ET needinfo? me]

For bugs that are resolved, we remove the security flag. These haven't had their flag removed, so I'm removing it now.