Closed Bug 1148579 Opened 11 years ago Closed 11 years ago

Code Injection on a browser's new tab page leads user vulnerable to XSS attack.

Categories

(Firefox :: Untriaged, defect)

36 Branch
x86_64
Windows 8
defect
Not set
normal

Tracking

()

RESOLVED INVALID

People

(Reporter: niteshnddn, Unassigned)

Details

Attachments

(1 file)

Attached image Mozilla-XSS.JPG
User Agent: Mozilla/5.0 (Windows NT 6.2; WOW64; rv:36.0) Gecko/20100101 Firefox/36.0
Build ID: 20150320202338
Steps to reproduce:
I injected the code to the new tab page, which results in XSS on the main browser. The code I injected is:
data:text/html;charset=utf-8,<H1>The Browser is highly vulnerable to XSS</h1><script>window.alert('XSS-Alert -MasterNeat');</script>
Actual results:
A JavaScript alert message was generated, which means the browser is vulnerable to cross site scripting.
Expected results:
Actually nothing should have happened when the code was injected in the URL box. If a person with malicious motivation gets an idea of what happened, then the normal user would be the victim of an XSS attack.
Are you typing a data: URL into the address bar or clicking on it in a link? If you are typing it in (or pasting it), I'm pretty sure this is "by design" and not a bug since we allow people to explicitly do this behavior which we wouldn't allow on a web page's hyperlinks.
Taking the URI in comment 0 (data:text/html;charset=utf-8,<H1>The Browser is highly vulnerable to XSS</h1><script>window.alert('XSS-Alert -MasterNeat');</script>) and pasting it into the location bar is not evidence of an XSS. That just loads a new HTML document in a new context and then displays the alert. There is no "XS" here, just some "S" :)
Group: core-security
Status: UNCONFIRMED → RESOLVED
Closed: 11 years ago
Resolution: --- → INVALID
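The distinction drawn in the comments above, as an added example that is not part of the bug report or of Firefox's code: it parses the data: URL from comment 0 and checks its origin as serialized by the URL Standard (Node's `URL` class), which is an assumption about the standard's model and not a claim about Firefox 36 internals. `SITE` is a constructed stand-in, since the report names no affected web site.

```javascript
// Added example. REPORT_URL is the data: URL quoted in comment 0;
// SITE is a constructed placeholder for "some web site" (the bug names none).
const REPORT_URL = "data:text/html;charset=utf-8,<H1>The Browser is highly vulnerable to XSS</h1>" +
  "<script>window.alert('XSS-Alert -MasterNeat');</script>";
const SITE = "https://example.com/account";

// Percent-decode, keeping malformed %xx sequences as-is instead of throwing.
const pctDecode = s => { try { return decodeURIComponent(s); } catch { return s; } };

// Split a data: URL (RFC 2397) into media type, charset and decoded body.
function parseDataUrl(raw) {
  if (!/^data:/i.test(raw)) throw new TypeError("not a data: URL");
  const comma = raw.indexOf(",");
  if (comma === -1) throw new TypeError("data: URL has no comma separator");
  const [type, ...params] = raw.slice(5, comma).split(";").map(s => s.trim());
  const isBase64 = params.some(p => p.toLowerCase() === "base64");
  const charsetParam = params.find(p => /^charset=/i.test(p));
  const payload = raw.slice(comma + 1);
  return {
    mediaType: (type || "text/plain").toLowerCase(),
    charset: charsetParam ? charsetParam.slice(8).toLowerCase() : "us-ascii",
    body: isBase64 ? Buffer.from(payload, "base64").toString("utf8") : pctDecode(payload),
  };
}

// Serialized origin per the URL Standard; "null" means an opaque origin.
function originOf(raw) {
  return new URL(raw).origin;
}

// Same-origin only if both URLs have tuple origins that match.
// An opaque origin ("null") is never same-origin with anything.
function sameOrigin(a, b) {
  const oa = originOf(a), ob = originOf(b);
  return oa !== "null" && oa === ob;
}

// Summarise what loading the reported URL actually demonstrates.
function triage(reportUrl, siteUrl) {
  const doc = parseDataUrl(reportUrl);
  return {
    rendersScript: doc.mediaType === "text/html" && /<script\b/i.test(doc.body),
    origin: originOf(reportUrl),
    runsInSiteOrigin: sameOrigin(reportUrl, siteUrl),
  };
}

console.log(triage(REPORT_URL, SITE));
```

The result shows script execution (`rendersScript: true`) with no site origin involved (`origin: 'null'`, `runsInSiteOrigin: false`), which is the "S" without the "XS" that comment 2 describes.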