Closed Bug 1018901 Opened 10 years ago Closed 10 years ago

XSS vulnerability

Categories

(developer.mozilla.org :: Security, defect)

All
Other
defect
Not set
critical

Tracking

(Not tracked)

RESOLVED DUPLICATE of bug 1018869

People

(Reporter: me, Assigned: groovecoder)

Details

(Whiteboard: [site:developer.mozilla.org][reporter-external])

What did you do?
================
https://developer.mozilla.org/en-US/docs/Web/JavaScript$compare?to=611331&from=611329

JavaScript gets executed when a page with the left content is edited.

What happened?
==============
JavaScript gets executed when a page with the left content is edited.

What should have happened?
==========================
JavaScript should be removed / escaped and not be executed!

Is there anything else we should know?
======================================
I didn't find this bug, I just saw raw HTML in another page's breadcrumbs.
Severity: normal → critical
Component: General → Security
This site is not officially in our list of eligible sites. If the bug is extraordinary we sometimes offer bounties for interesting bugs which are outside of normal policy.

We do appreciate learning about bugs in all of our sites. We publish a list of eligible sites for people who are only interested in bounties and we hope that can help reduce the frustration of wasting time in unfruitful areas.
http://www.mozilla.org/security/bug-bounty-faq-webapp.html#eligible-bugs
Flags: sec-bounty?
Whiteboard: [specification][type:bug] → [site:developer.mozilla.org][reporter-external][verif?]
Also, please use developer.allizom.org for testing purposes.
Assignee: nobody → lcrouch
I didn't do these initial edits, I just saw them and reverted them.

Should I create a page on developer.allizom.org to show the bug or was this just a general heads up?
If I do such an edit, the bug becomes more public.
Status: UNCONFIRMED → RESOLVED
Closed: 10 years ago
Resolution: --- → DUPLICATE
This bug is a result of bug 1018869, where the reporter inserted JavaScript into the page. The JavaScript is persisted in the change history, which is what you saw.
Flags: sec-bounty? → sec-bounty-
Whiteboard: [site:developer.mozilla.org][reporter-external][verif?] → [site:developer.mozilla.org][reporter-external]
For bugs that are resolved, we remove the security flag. These haven't had their flag removed, so I'm removing it now.
Group: websites-security