Bug 1160069
Opened 9 years ago
Closed 9 years ago
XSS/HTML injection possibilities in System app
Categories
(Firefox OS Graveyard :: Gaia::System, defect)
Status: RESOLVED FIXED
Target Milestone: 2.2 S11 (1may)
Flag | Tracking | Status |
---|---|---|
b2g-v2.0 | --- | unaffected |
b2g-v2.0M | --- | unaffected |
b2g-v2.1 | --- | unaffected |
b2g-v2.1S | --- | unaffected |
b2g-v2.2 | --- | fixed |
b2g-master | --- | fixed |
People
(Reporter: sdna.muneaki.nishimura, Assigned: kgrandon)
References
Details
(Keywords: sec-high, wsec-xss, Whiteboard: [systemsfe][b2g-adv-main2.2-])
Attachments
(2 files)
User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.90 Safari/537.36

Steps to reproduce:

Two XSS/HTML injection bugs in the Smart-system app on Stingray have been resolved by the following pull requests.
https://github.com/mozilla-b2g/gaia/pull/29786
https://github.com/mozilla-b2g/gaia/pull/29811
Some of the modifications need to be reflected in the System app.
Comment 1•9 years ago
Tim, is this going to be part of the tv system merge?
Flags: needinfo?(timdream)
Comment 2•9 years ago
No, and our long weekend started 6 hours ago. Simply creating a patch that patches the same files will get this fixed, I think.
Flags: needinfo?(timdream)
Updated•9 years ago
Whiteboard: [systemsfe]
Comment 4•9 years ago (Assignee)
I don't understand the purpose of this bug if we have bug 1159137 and bug 1159136 filed. Is this just a duplicate?
Flags: needinfo?(kgrandon)
See Also: → 1159137
Comment 5•9 years ago (Assignee)
Ok, I will help try to clean up this mess.
Assignee: nobody → kgrandon
Status: UNCONFIRMED → ASSIGNED
Ever confirmed: true
Comment 6•9 years ago (Assignee)
Here is the pull request from bug 1159137. Carrying the review+ from that bug as it's the same patch, just cleaned up and applied to a different path.
Attachment #8599930 - Flags: review+
Comment 7•9 years ago (Assignee)
Here is the pull request from bug 1159136. Carrying the review+ from that bug as it's the same patch, just cleaned up and applied to a different path.
Attachment #8599936 - Flags: review+
Comment 8•9 years ago (Assignee)
Landed both in master:
https://github.com/mozilla-b2g/gaia/commit/92b2e038cbbe9c9ab1e5783c48da1442fb5b4537
https://github.com/mozilla-b2g/gaia/commit/faff79838642a109c401cd65842840642b360d53
Status: ASSIGNED → RESOLVED
Closed: 9 years ago
Resolution: --- → FIXED
Updated•9 years ago
status-b2g-v2.0: --- → unaffected
status-b2g-v2.0M: --- → unaffected
status-b2g-v2.1: --- → unaffected
status-b2g-v2.1S: --- → unaffected
status-b2g-v2.2: --- → affected
status-b2g-master: --- → fixed
Target Milestone: --- → 2.2 S11 (1may)
Comment 9•9 years ago
v2.2: https://github.com/mozilla-b2g/gaia/commit/366f2204e918b76c0d4a4990473d1e6ec68c9063
v2.2: https://github.com/mozilla-b2g/gaia/commit/f1746610f21b59b6e3de88aa69e70917424fd999
Comment 10•9 years ago
(In reply to Ryan VanderMeulen [:RyanVM UTC-4] from comment #9)
> v2.2:
> https://github.com/mozilla-b2g/gaia/commit/366f2204e918b76c0d4a4990473d1e6ec68c9063

This cset had to be reverted for Gij failures. Kevin said he'd take a look later. Reverted for now.
v2.2: https://github.com/mozilla-b2g/gaia/commit/0f162853ae6a3e2b05164878e49276ead0d6f09c
https://treeherder.mozilla.org/logviewer.html#?job_id=133427&repo=mozilla-b2g37_v2_2
Flags: needinfo?(kgrandon)
Comment 11•9 years ago (Assignee)
I noticed that a fix for this test was included in bug 1160505, so going to try the uplift with that patch applied as well. I also have some green runs here: https://treeherder.mozilla.org/#/jobs?repo=gaia&revision=8b06f609f7e4307ec6d4b358ac779b4b6d97b942
Re-landed: https://github.com/mozilla-b2g/gaia/commit/999bc627063d16c20f703e702f31a5cf0da8b4a6
Flags: needinfo?(kgrandon)
Comment 12•9 years ago
No 2.2 release advisory, because fixed before release and no other releases affected.
Flags: sec-bounty?
Whiteboard: [systemsfe] → [systemsfe][b2g-adv-main2.2-]
Updated•9 years ago
Flags: sec-bounty? → sec-bounty+
Updated•9 years ago
Group: core-security → core-security-release
Updated•8 years ago
Group: core-security-release