Closed Bug 1078533 Opened 5 years ago Closed 5 years ago

XSS in configuration tab - about:cache

Categories

(Core :: Networking: Cache, defect)

32 Branch
defect
Not set

Tracking

()

RESOLVED DUPLICATE of bug 1074485

People

(Reporter: funes2012, Unassigned)

Details

(Whiteboard: [reporter-external])

Attachments

(1 file)

Attached image vuln_firefox.png
User Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:32.0) Gecko/20100101 Firefox/32.0
Build ID: 20140924083558

Steps to reproduce:

Go to about:cache

Try about:cache?storage=&context=<h1>seguro que no se ejecuta?</h1><script>alert('test')</script>




Actual results:

Can inject HTML and JavaScript commands.


Expected results:

Sanitize the request.
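
The "Expected results" above ask for the request to be sanitized. The code below is an added example, not part of the original report and not Firefox's about:cache code: it reflects the report's storage and context parameters into a hypothetical template, without and then with output encoding, and checks both the reported URL and a constructed percent-encoded form of it. The function names and the template are assumptions.

```javascript
// Added example. The template and function names are hypothetical; this is
// not Firefox's about:cache code, only the same reflected-parameter shape.

// Encode a value for HTML text or quoted-attribute context.
function escapeHtml(value) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(value).replace(/[&<>"']/g, (c) => map[c]);
}

// Extract query parameters from an about:-style URL (percent-decoding included).
function parseParams(url) {
  const q = url.indexOf("?");
  return new URLSearchParams(q === -1 ? "" : url.slice(q + 1));
}

// "Before": decoded parameter values are concatenated straight into markup.
function renderUnsafe(url) {
  const p = parseParams(url);
  return `<p>storage: ${p.get("storage") ?? ""}</p><p>context: ${p.get("context") ?? ""}</p>`;
}

// "After": every reflected value is encoded at the point of output.
function renderSafe(url) {
  const p = parseParams(url);
  return `<p>storage: ${escapeHtml(p.get("storage") ?? "")}</p>` +
         `<p>context: ${escapeHtml(p.get("context") ?? "")}</p>`;
}

// Regression check: does any parameter value reach the output as live markup?
function reflectsRawMarkup(url, html) {
  for (const value of parseParams(url).values()) {
    if (/[<>"']/.test(value) && html.includes(value)) return true;
  }
  return false;
}

// The URL from the report, plus a percent-encoded form of the same value
// (constructed) that a filter on the raw URL string would not see.
const REPORTED = "about:cache?storage=&context=<h1>seguro que no se ejecuta?</h1><script>alert('test')</script>";
const ENCODED = "about:cache?storage=&context=" +
  encodeURIComponent("<h1>seguro que no se ejecuta?</h1><script>alert('test')</script>");

for (const url of [REPORTED, ENCODED]) {
  console.log(reflectsRawMarkup(url, renderUnsafe(url)), reflectsRawMarkup(url, renderSafe(url)));
}
```

Both URLs decode to the same context value, so encoding has to happen where the value is written into the page, not by pattern-matching the raw URL.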
Priority: -- → P1
Status: UNCONFIRMED → RESOLVED
Closed: 5 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 1074485
Unhiding this bug as the bug that it dupes is already public.
Group: core-security
Component: Untriaged → Networking: Cache
Product: Firefox → Core
Version: 32 Branch → unspecified
Flags: sec-bounty-
OS: Linux → All
Priority: P1 → --
Hardware: x86_64 → All
Whiteboard: [reporter-external]
Version: unspecified → 32 Branch