Closed
Bug 1151340
Opened 10 years ago
Closed 9 years ago
AMO should send X-Content-Type-Options: nosniff
Categories
(addons.mozilla.org :: Security, defect)
addons.mozilla.org
Security
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: kaleemshaik786, Unassigned)
Details
(Keywords: reporter-external, sec-low)
Attachments
(2 files)
User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:37.0) Gecko/20100101 Firefox/37.0
Build ID: 20150402191859
Steps to reproduce:
Hi, there is an issue in https://addons.mozilla.org/en-US/firefox/users/edit#user-profile
However, I could not exploit this issue. I was able to upload non-PNG or non-JPG images in the profile pictures section.
I believe the application is only checking the Content-Type header in the request and is taking its decision based on that.
I bypassed the validation using the double extension method. Able to upload files,
e.g. test.php.jpg
The application is treating this as a JPG file and the file is uploaded successfully. However, I was not able to execute the content. This should be resolved.
Please see the screenshot.
Updated•10 years ago
Group: websites-security → client-services-security
Component: Other → Administration
Product: Websites → addons.mozilla.org
Version: Development → unspecified
Updated•10 years ago
Flags: sec-bounty?
Updated•10 years ago
Assignee: nobody → fbraun
Comment 1•10 years ago
I'll take a look at whether this is exploitable in a different context.
Comment 2•10 years ago
I couldn't find a way to exploit this in any way. I guess this is sec-low or sec-other: addons.mozilla.org should still send a nosniff header to IE users.
Assignee: fbraun → nobody
Comment 3•10 years ago
We should still consider sending the nosniff thing.
Group: client-services-security
Status: UNCONFIRMED → NEW
Ever confirmed: true
Flags: sec-bounty? → sec-bounty-
Keywords: sec-low
Summary: Improper Validation in for file upload functionality → AMO should send X-Content-Type-Options: nosniff
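The report describes a validation that trusts the request's Content-Type header (so a PHP body named test.php.jpg passes as a JPEG), and comments 2 and 3 conclude that the server should send X-Content-Type-Options: nosniff so that browsers, IE in particular, do not guess a different type for the served file. The following is an added example, not AMO's own code: it contrasts the header-only check with a validation that decides on the file's magic bytes and stores the file under a server-chosen name, and it adds the nosniff header to a response header map. The PNG and JPEG signatures are the real ones; the function names, the header dictionaries and the sample uploads are constructed for illustration.

```python
import hashlib
from typing import Optional, Tuple

# Magic-byte prefixes for the two image formats the profile form is meant to accept.
# The decision is made on the bytes, never on the Content-Type header or on the
# user-supplied filename, which is where the double-extension bypass lived.
_MAGIC = (
    (b"\x89PNG\r\n\x1a\n", "image/png", ".png"),
    (b"\xff\xd8\xff", "image/jpeg", ".jpg"),
)


def sniff_image_type(data: bytes) -> Optional[Tuple[str, str]]:
    """Return (mime, extension) if data starts with a PNG or JPEG signature, else None."""
    for magic, mime, ext in _MAGIC:
        if data.startswith(magic):
            return mime, ext
    return None


def naive_accepts(declared_type: str) -> bool:
    """Header-only check, the behaviour the report describes (assumed here, for contrast).

    Anything the client labels image/png or image/jpeg is accepted, whatever the bytes are.
    """
    return declared_type in ("image/png", "image/jpeg")


def validate_image_upload(filename: str, declared_type: str, data: bytes) -> Tuple[str, str]:
    """Hardened check. Returns (stored_name, mime) or raises ValueError.

    - the real type comes from the content signature, so a PHP body named test.php.jpg fails;
    - a declared type that disagrees with the content is rejected rather than trusted;
    - the stored filename is server-chosen (content hash plus canonical extension), so the
      user's filename, and any extra extension hidden in it, never reaches disk.
    """
    sniffed = sniff_image_type(data)
    if sniffed is None:
        raise ValueError(f"{filename!r}: content is not a PNG or JPEG")
    mime, ext = sniffed
    if declared_type != mime:
        raise ValueError(f"{filename!r}: declared {declared_type}, content is {mime}")
    stored_name = hashlib.sha256(data).hexdigest() + ext
    return stored_name, mime


def upload_is_rejected(filename: str, declared_type: str, data: bytes) -> bool:
    """Convenience wrapper: True if the hardened check refuses the upload."""
    try:
        validate_image_upload(filename, declared_type, data)
    except ValueError:
        return True
    return False


def with_nosniff(headers: dict) -> dict:
    """Return a copy of a response header map with X-Content-Type-Options: nosniff set.

    Header names are matched case-insensitively so an existing value is replaced, not duplicated.
    """
    out = {k: v for k, v in headers.items() if k.lower() != "x-content-type-options"}
    out["X-Content-Type-Options"] = "nosniff"
    return out


def has_nosniff(headers: dict) -> bool:
    """True if the header map carries X-Content-Type-Options: nosniff (case-insensitive)."""
    return any(
        k.lower() == "x-content-type-options" and v.strip().lower() == "nosniff"
        for k, v in headers.items()
    )


# Constructed sample inputs; these are not the attachments from the bug.
PHP_UPLOAD = b"<?php echo 'hello'; ?>"
PNG_UPLOAD = b"\x89PNG\r\n\x1a\n" + b"\x00\x00\x00\rIHDR" + b"\x00" * 17

if __name__ == "__main__":
    # Header-only check: the PHP body labelled image/jpeg sails through.
    print("naive accepts test.php.jpg:", naive_accepts("image/jpeg"))
    # Content-based check: same upload is refused.
    print("hardened rejects test.php.jpg:", upload_is_rejected("test.php.jpg", "image/jpeg", PHP_UPLOAD))
    print("stored as:", validate_image_upload("me.png", "image/png", PNG_UPLOAD))
    print(with_nosniff({"Content-Type": "image/png"}))
```

The stored name discards the user's filename entirely, which is simpler and safer than trying to strip or reject extra extensions. Sending nosniff is the complementary defence: even if an odd file is served, the browser is told to honour the declared Content-Type rather than sniff it.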
Updated•9 years ago
Component: Administration → Add-on Security
Comment 4•9 years ago
Is this resolved with CSP, or is it a separate issue?
Flags: needinfo?(amckay)
Comment 6•9 years ago
Comment 7•9 years ago
This is already being done.
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → FIXED
Updated•1 year ago
Keywords: reporter-external