Bug 1159137 - [Stingray][Smart-System] XSS/HTML injection in value picker
Status: RESOLVED FIXED (Closed)
Opened 6 years ago; closed 6 years ago
Product / Component: Firefox OS Graveyard :: Gaia::TV::System (defect)
Target Milestone: 2.2 S11 (1may)

Tracking:

| Branch | Tracking | Status |
|---|---|---|
| b2g-v1.4 | --- | unaffected |
| b2g-v2.0 | --- | unaffected |
| b2g-v2.0M | --- | unaffected |
| b2g-v2.1 | --- | unaffected |
| b2g-v2.1S | --- | unaffected |
| b2g-v2.2 | --- | fixed |
| b2g-master | --- | fixed |
People: Reporter: suchiu, Assigned: suchiu
Keywords: sec-high, wsec-xss
Whiteboard: stingray-picked(2015/5/19) [b2g-adv-main2.2-]
Attachments: 1 file

Description
Same issue as in Bug 1158715. According to the following link, https://github.com/mozilla-b2g/gaia/blob/master/tv_apps/smart-system/js/value_selector/value_picker.js#L137, where the variable _valueDisplayedText may be any characters coming from user data, it also has a potential XSS injection vulnerability.
Comment 1 • 6 years ago (Assignee)
1. Replace innerHTML with textContent in value picker.
Attachment #8599650 - Flags: review?(im)
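As an added example (not code from the Gaia repository or from the attached patch), the block below contrasts the shape the report describes, user-derived display text assigned to innerHTML, with the fix in comment 1, assigning it to textContent instead. The element stub, the `serialize()` helper, `makeStubElement`, `markupSurvives` and the sample value are constructed for this example so it runs under Node as well as in a browser; none of them are DOM or Gaia APIs.

```javascript
// Escape the five characters that change meaning in HTML text or attribute
// values. Only needed when markup must be built as a string; for plain text,
// textContent below makes escaping unnecessary.
function escapeHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#39;' };
  return String(s).replace(/[&<>"']/g, (c) => map[c]);
}

// Vulnerable shape from the bug: the string is parsed as markup, so any tags
// inside user data become live DOM nodes.
function renderUnsafe(el, displayedText) {
  el.innerHTML = displayedText;
}

// Fixed shape (what the patch does): the string always becomes a text node,
// whatever characters it contains.
function renderSafe(el, displayedText) {
  el.textContent = displayedText;
}

// Hypothetical stand-in for a DOM element so the example runs outside a
// browser. A real element parses innerHTML into child nodes; this stub only
// mirrors the observable effect we care about: whether tags in the input are
// kept as markup or turned into literal text. serialize() is not a DOM API.
function makeStubElement() {
  let markup = '';
  return {
    set innerHTML(html) { markup = html; },
    set textContent(text) { markup = escapeHtml(text); },
    serialize() { return markup; },
  };
}

// True when the serialized element still contains an HTML tag.
function markupSurvives(html) {
  return /<[a-zA-Z/]/.test(html);
}

// Constructed sample value: display text that happens to contain markup.
const CONSTRUCTED_VALUE = '<i>12:30</i> & "quoted"';

// Render the sample with the given function and report whether its tags
// survived as markup. Uses a real element in a browser, the stub elsewhere.
function demo(render) {
  const el = (typeof document !== 'undefined')
    ? document.createElement('div')
    : makeStubElement();
  render(el, CONSTRUCTED_VALUE);
  const out = (typeof el.serialize === 'function') ? el.serialize() : el.innerHTML;
  return markupSurvives(out);
}

if (typeof require !== 'undefined' && require.main === module) {
  console.log('innerHTML keeps tags:', demo(renderUnsafe));   // true
  console.log('textContent keeps tags:', demo(renderSafe));   // false
}
```

When the picker needs structure around the value (an icon, a unit label), build it with `document.createElement` and set the user-supplied part through `textContent`; falling back to escaped string concatenation with innerHTML works but is easy to get wrong as the template grows.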
Comment 2 • 6 years ago
Comment on attachment 8599650 [details] [review] (Pull Request)
Looks good to me.
Attachment #8599650 - Flags: review?(im) → review+
Updated • 6 years ago (Assignee)
Keywords: checkin-needed
Updated • 6 years ago
Group: core-security → b2g-core-security
Comment 3 • 6 years ago
Why are we still patching security files in the tv-system app that have been ported to system?
Comment 4 • 6 years ago
Master: https://github.com/mozilla-b2g/gaia/commit/fd40a1f7911ac989dbca8e89de679e974de4ff41
Status: NEW → RESOLVED
Closed: 6 years ago
status-b2g-v1.4: --- → unaffected
status-b2g-v2.0: --- → unaffected
status-b2g-v2.0M: --- → unaffected
status-b2g-v2.1: --- → unaffected
status-b2g-v2.1S: --- → unaffected
status-b2g-v2.2: --- → affected
status-b2g-master: --- → fixed
Keywords: checkin-needed
Resolution: --- → FIXED
Target Milestone: --- → 2.2 S11 (1may)
Comment 5 • 6 years ago
v2.2: https://github.com/mozilla-b2g/gaia/commit/8d14361337e608c8cdf165ea5034db5eda23b618
Updated • 6 years ago
Group: b2g-core-security → core-security
Comment 6 • 6 years ago
(In reply to Kevin Grandon :kgrandon from comment #3)
> Why are we still patching security files in the tv-system app that have been
> ported to system?

We still need to do it for partner.
Updated • 6 years ago
Whiteboard: stingray-picked(2015/5/19) → stingray-picked(2015/5/19) [b2g-adv-main2.2-]
Updated • 6 years ago
Group: core-security → core-security-release
Updated • 5 years ago
Group: core-security-release