Closed Bug 1160069 Opened 9 years ago Closed 9 years ago

XSS/HTML injection possibilities in System app

Categories

(Firefox OS Graveyard :: Gaia::System, defect)

ARM
Gonk (Firefox OS)
defect
Not set
normal

Tracking

(b2g-v2.0 unaffected, b2g-v2.0M unaffected, b2g-v2.1 unaffected, b2g-v2.1S unaffected, b2g-v2.2 fixed, b2g-master fixed)

RESOLVED FIXED
2.2 S11 (1may)

People

(Reporter: sdna.muneaki.nishimura, Assigned: kgrandon)

Details

(Keywords: sec-high, wsec-xss, Whiteboard: [systemsfe][b2g-adv-main2.2-])

Attachments

(2 files)

User Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/42.0.2311.90 Safari/537.36

Steps to reproduce:

Two XSS/HTML injection bugs in the Smart-system app on Stingray have been resolved by the following pull requests.
https://github.com/mozilla-b2g/gaia/pull/29786
https://github.com/mozilla-b2g/gaia/pull/29811

Some of the modifications need to be reflected in the System app.

Tim, is this going to be part of the tv system merge?
Flags: needinfo?(timdream)

No, and our long weekend started 6 hours ago. Simply creating a patch patching the same files will get this fixed, I think.
Flags: needinfo?(timdream)
Whiteboard: [systemsfe]

Kevin, can you take this one?
Flags: needinfo?(kgrandon)

I don't understand the purpose of this bug if we have bug 1159137 and bug 1159136 filed. Is this just a duplicate?
Flags: needinfo?(kgrandon)
See Also: → 1159137

Ok, I will help try to clean up this mess.
Assignee: nobody → kgrandon
Status: UNCONFIRMED → ASSIGNED
Ever confirmed: true

Here is the pull request from bug 1159137. Carrying the review+ from that bug as it's the same patch, just cleaned up and applied to a different path.
Attachment #8599930 - Flags: review+

Here is the pull request from bug 1159136. Carrying the review+ from that bug as it's the same patch, just cleaned up and applied to a different path.
Attachment #8599936 - Flags: review+
See Also: → 1159136
Target Milestone: --- → 2.2 S11 (1may)

(In reply to Ryan VanderMeulen [:RyanVM UTC-4] from comment #9)
> v2.2:
> https://github.com/mozilla-b2g/gaia/commit/366f2204e918b76c0d4a4990473d1e6ec68c9063

This cset had to be reverted for Gij failures. Kevin said he'd take a look later. Reverted for now.
v2.2: https://github.com/mozilla-b2g/gaia/commit/0f162853ae6a3e2b05164878e49276ead0d6f09c

https://treeherder.mozilla.org/logviewer.html#?job_id=133427&repo=mozilla-b2g37_v2_2
Flags: needinfo?(kgrandon)
I noticed that a fix for this test was included in bug 1160505, so going to try the uplift with that patch applied as well.

I also have some green runs here: https://treeherder.mozilla.org/#/jobs?repo=gaia&revision=8b06f609f7e4307ec6d4b358ac779b4b6d97b942

Re-landed: https://github.com/mozilla-b2g/gaia/commit/999bc627063d16c20f703e702f31a5cf0da8b4a6
Flags: needinfo?(kgrandon)
No 2.2 release advisory, because fixed before release and no other releases affected.
Flags: sec-bounty?
Whiteboard: [systemsfe] → [systemsfe][b2g-adv-main2.2-]
Flags: sec-bounty? → sec-bounty+
Group: core-security → core-security-release
Group: core-security-release