Closed
Bug 1184699
Opened 9 years ago
Closed 9 years ago
XSS/HTML Injection in sharing app through app.manifest.name
Categories
(Firefox OS Graveyard :: Gaia::P2P Sharing, defect)
Tracking
(b2g-v2.0 unaffected, b2g-v2.0M unaffected, b2g-v2.1 unaffected, b2g-v2.1S unaffected, b2g-v2.2 unaffected, b2g-v2.2r unaffected, b2g-master wontfix)
RESOLVED
WONTFIX
Version | Tracking | Status |
---|---|---|
b2g-v2.0 | --- | unaffected |
b2g-v2.0M | --- | unaffected |
b2g-v2.1 | --- | unaffected |
b2g-v2.1S | --- | unaffected |
b2g-v2.2 | --- | unaffected |
b2g-v2.2r | --- | unaffected |
b2g-master | --- | wontfix |
People
(Reporter: tedd, Unassigned)
References
Details
(Keywords: sec-high, wsec-xss)
The sharing app uses the downloaded app name in an innerHTML statement without sanitizing the input[1], this can lead to an XSS/HTML injection. I discussed this with :freddyb on irc (hence the sec-high rating).

This can be fixed similar to Bug 1177359, by using the Sanitizer Library[2] or it is probably preferred to not use innerHTML at all and use .textContent instead after '<p>' has been assigned.

[1] https://github.com/fxos/sharing/blob/5a678a89b7a78c8bc986b85282bcd6c3d19b6bb0/app/js/views/progress_dialog_view.js#L27
[2] https://developer.mozilla.org/en-US/Firefox_OS/Security/Security_Automation
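
The pattern described in the report and its two suggested fixes, as an added example that is not the sharing app's code and not the Sanitizer Library itself. The message text, the function names and the constructed manifest name are assumptions made for illustration:

```javascript
// Added example: names and message text are hypothetical, not from the sharing app.

// Constructed manifest, standing in for one received from another device.
const manifest = { name: 'Notes<img src=x onerror=alert(1)>' };

// Vulnerable pattern: the untrusted name is concatenated into markup
// that is later assigned to innerHTML, so the parser sees it as HTML.
function unsafeMarkup(appName) {
  return '<p>Downloading ' + appName + '</p>';
}

const HTML_ESCAPES = {
  '&': '&amp;', '<': '&lt;', '>': '&gt;',
  '"': '&quot;', "'": '&#39;', '`': '&#96;'
};

function escapeValue(value) {
  return String(value).replace(/[&<>"'`]/g, (ch) => HTML_ESCAPES[ch]);
}

// Tagged template in the spirit of a sanitizer helper: the literal parts
// are trusted markup, every interpolated value is escaped before joining.
function escapeHTML(strings, ...values) {
  return strings.reduce((out, s, i) => out + escapeValue(values[i - 1]) + s);
}

// Fix option 1: keep innerHTML, but escape the interpolated name.
function safeMarkup(appName) {
  return escapeHTML`<p>Downloading ${appName}</p>`;
}

// Fix option 2 (the one the report prefers): create the <p> element and
// assign the name through textContent, which never parses it as markup.
function renderWithTextContent(doc, container, appName) {
  const p = doc.createElement('p');
  p.textContent = 'Downloading ' + appName;
  container.textContent = '';   // drop any previous children
  container.appendChild(p);
  return p;
}
```

In a page, `renderWithTextContent(document, dialogElement, manifest.name)` displays the name literally, angle brackets included.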
Reporter
Comment 1•9 years ago
talked to :drs and the p2p sharing app won't be in 2.5 or any further releases.
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → WONTFIX
Comment 3•9 years ago
AFAICS, the p2p sharing app was only ever bundled with the Foxfood device.
Flags: needinfo?(cr)
Updated•9 years ago
status-b2g-v2.0:
--- → unaffected
status-b2g-v2.0M:
--- → unaffected
status-b2g-v2.1:
--- → unaffected
status-b2g-v2.1S:
--- → unaffected
status-b2g-v2.2:
--- → unaffected
status-b2g-v2.2r:
--- → unaffected
status-b2g-master:
--- → wontfix
Updated•9 years ago
Group: core-security → core-security-release
Updated•6 years ago
Group: core-security-release