Closed Bug 1123042 Opened 10 years ago Closed 10 years ago

HTML Injection in firefox os 1.3 searchbar

Categories

(Firefox OS Graveyard :: Gaia::Search, defect)

Product:
Firefox OS Graveyard
Component:
Gaia::Search
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

(Not tracked)

Status:
RESOLVED DUPLICATE of bug 1103087

People

(Reporter: roxrockers, Unassigned)

Details

(Keywords: sec-moderate, wsec-xss)

Attachments

(2 files)

IMG_1935.jpg
3.04 MB, image/jpeg
Details
this is an image of html injection on search bar on alcatel firetouch c
3.75 MB, image/jpeg
Details
Attached image IMG_1935.jpg
User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:36.0) Gecko/20100101 Firefox/36.0 Build ID: 20150112004004 Steps to reproduce: i searched hello<u>world <iframe src=www.google.com> Actual results: world got underlined and an iframe was created although it showed app://homescreen.gaiamobile.org/www.google.com cant be loaded Expected results: the html tags should have not been interpreted
Severity: normal → critical
Flags: sec-review?
Flags: sec-bounty?
Priority: -- → P1
Hi, Can you tell us on what version of Firefox OS you found this bug? I tried on 1.3 on a ZTE Open C and on a flame device 2.2 with no success so far.
Severity: critical → normal
Flags: sec-review?
Flags: sec-bounty?
Priority: P1 → --
To be more specific: can you provide the information in the Settings/Device information menu? Thanks
i found this on firefox os 1.3 on alcatel one touch and succesfully injected html as i have already given the screenshot
Please don't mark the sec-bounty flags on your own bug. If you want a bug nominated for a bounty, email security@mozilla.org.
ok thanks for your advice
Flags: needinfo?(ptheriault)
I'm trying to find an Alcatel One Touch to reproduce the bug.
I can reproduce on an Alcatel One Touch Fire with 1.3, but I don't think we even support 1.3 anymore: I certainly don't see any tracking flags in Bugzilla for 1.3. Going for sec-high, though CSP helps us again, here.
Status: UNCONFIRMED → NEW
Ever confirmed: true
Keywords: sec-high, wsec-xss
As a matter of oversight, I did not see that this bug is a duplicate of https://bugzilla.mozilla.org/show_bug.cgi?id=1103087 You will still see this bug if you flash a hamachi build from Mozilla's servers, since we stopped making hamachi builds in December 2013 (before we fixed bug 1103087). But you can easily search for the text in our code repository and notice it has been fixed for a while: https://github.com/mozilla-b2g/gaia/blob/fbf3daa963fbbe5a6228aa82635e93e3d1cb00a3/apps/collection/js/view_apps.js#L115
Status: NEW → RESOLVED
Closed: 10 years ago
Flags: needinfo?(ptheriault)
Resolution: --- → DUPLICATE
Group: core-security
Keywords: sec-highsec-moderate
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: