3 years ago
11 months ago


(Reporter: Lalith Rallabhandi, Unassigned)




(1 attachment)



3 years ago
Created attachment 8543057
Mozilla XSS 1.png

User Agent: Mozilla/5.0 (Windows NT 6.3; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/36.0.1985.125 Safari/537.36

Steps to reproduce:

Flash XSS in mozilla sub-domain.

URL :;//;//

1. Open above URL in Mozilla.
2. It displays an ad. Now click on the ad which will redirect to a new tab.
3. 1st URL will display the domain where the XSS was triggered and second URL will display the cookies.

Actual results:

An XSS was triggered by execution of JavaScript by setting the clickTag parameter in the flash. Clicking on the ad will redirect the user to respective site as per flash code. But it fails to filter external JavaScript handler, thus resulting in execution of JavaScript.

Expected results:

clickTag parameter should have filtered the special characters or filtering based on https or http protocols. So that if any attacker provides malicious js that won't get accepted by the application.
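
The scheme filtering asked for under "Expected results", as an added example that is not part of the original report or of any Mozilla code: a JavaScript sketch that accepts a clickTag value only when it parses as an absolute http or https URL. The names safeClickTag and ALLOWED_SCHEMES and the example.com inputs are assumptions made for illustration.

```javascript
// Added illustration, not code from the bug report. Names are hypothetical.
const ALLOWED_SCHEMES = new Set(["http:", "https:"]);

// Returns the normalized URL when `raw` is an absolute http(s) URL,
// otherwise null. Callers must not navigate when the result is null.
function safeClickTag(raw) {
  if (typeof raw !== "string" || raw.length === 0 || raw.length > 2048) return null;

  // The URL parser silently strips tabs, newlines and leading control
  // characters, so "java\tscript:" would still parse as "javascript:".
  // Refuse such input outright instead of relying on normalization.
  if (/[\u0000-\u0020\u007f]/.test(raw)) return null;

  let url;
  try {
    url = new URL(raw); // no base given: relative and "//host" values throw
  } catch {
    return null;
  }

  // Allowlist the scheme; javascript:, data:, vbscript: etc. all fail here.
  if (!ALLOWED_SCHEMES.has(url.protocol)) return null;

  // Embedded credentials are a common way to disguise the real host.
  if (url.username !== "" || url.password !== "") return null;

  return url.href;
}

// Constructed sample inputs (not taken from the report).
const samples = [
  "https://example.com/landing?id=1",
  "HTTP://Example.COM/",
  "javascript:void(0)",
  "JaVaScRiPt:void(0)",
  "java\tscript:void(0)",
  "data:text/html,hello",
  "//example.com/landing",
  "https://user:pw@example.com/",
];
for (const s of samples) {
  console.log(JSON.stringify(s), "->", safeClickTag(s));
}
```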

Comment 1

3 years ago
Please add sec-bounty flag!


Comment 2

3 years ago
Dupe of bug 780450? nhirata, what do you think?
Component: General → Video
Flags: needinfo?(nhirata.bugzilla)
Product: Core →
Summary: Flash XSS in mozilla → Flash XSS in
Version: 34 Branch → other
Please see :
  *.swf was removed from that directory.

To note, I do believe it is a similar if not duplicate bug. Is there anything we can do to tighten the browser itself to help protect the user from malicious post parameter Javascript?
Flags: needinfo?(nhirata.bugzilla)

Comment 4

3 years ago
Hey,

Is this eligible for bounty?
I found similar issues in at different places. So this does constitute some risk as there were cookies, do not know whether they are sensitive information or not?

Comment 5

11 months ago
This is an old bug – looks like a duplicate of #769755, in which Daniel remarks "" is intended for testing purposes and not bounty eligible:

> is for mozillians to upload random test stuff. It is not a site covered by the web bounty, and since files are not uploaded through a web interface there's really no value to an XSS on that site -- there's no auth to compromise.
Last Resolved: 11 months ago
Resolution: --- → DUPLICATE
Duplicate of bug: 769755