Improper output encoding on support.mozilla.org search dialog results, self-xss

RESOLVED DUPLICATE of bug 1223970

Status

RESOLVED DUPLICATE of bug 1223970
Reported: 3 years ago
Modified: 3 years ago

People

(Reporter: serverghosts, Unassigned)

Tracking

({sec-moderate})

Firefox Tracking Flags

(Not tracked)

Attachments

(1 attachment)

(Reporter)

Description

3 years ago
Created attachment 8706405
Screenshot_2016-01-11-21-53-22.png

User Agent: Mozilla/5.0 (Linux; U; Android 4.4.2; en-US; PrimoC4 Build/WALTON) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 UCBrowser/10.8.0.718 U3/0.8.0 Mobile Safari/534.30

Steps to reproduce:

Go to: https://support.mozilla.org/en-US/questions/new/desktop

Put this payload into the search: "><p id="\u0070rompt(1)"onmouseover=\u0065val(id) //


Actual results:

JS execution (prompt box)


Expected results:

Plain text comes out
(Reporter)

Updated

3 years ago
Severity: normal → critical
OS: Unspecified → Android
Priority: -- → P2
Hardware: Unspecified → All
Summary: XSS javascript execution (prompt) → Improper output encoding on support.mozilla.org search dialog results, self-xss
Severity: critical → normal
Priority: P2 → --
Comment 1

Output encoding issue: Unicode characters are not correctly output encoded into a context-safe HTML entity encoding format.

This example is self-xss and not exploitable to the extent we analyzed it, but there could be other places on the website that also use the same output encoding mechanism which could be vulnerable.

A review of the output encoding used for sanitization should be performed on sumo to look for other instances, identify the root cause, and fix it.
Status: UNCONFIRMED → NEW
Ever confirmed: true
Flags: needinfo?(mcooper)
Keywords: sec-moderate
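The payload from the description and the output-encoding point in comment 1, as an added worked example. This is not code from the bug, from SUMO or from Mozilla: the two renderers, the blocklist filter and the HTML fragment they emit are hypothetical stand-ins constructed for illustration, and the check only inspects the resulting markup as a string.

```javascript
// Added example (hypothetical code, not SUMO's): why the reported search
// payload executes, and what a context-safe HTML encoder does to it.

// The exact payload from the report. The backslash-u sequences are literal
// characters in the search term; they only turn into "prompt" and "eval"
// once a JavaScript parser reads them as identifier escapes.
const PAYLOAD = String.raw`"><p id="\u0070rompt(1)"onmouseover=\u0065val(id) //`;

// Hypothetical "sanitizer" that blocklists dangerous function names in the
// raw term. The escaped identifiers slip straight past it.
function blocklistFilter(term) {
  return /\b(prompt|eval|alert)\s*\(/i.test(term);
}

// Hypothetical vulnerable renderer: reflects the term into an attribute
// value without encoding, so the leading "> closes the attribute and tag.
function renderResultsUnsafe(term) {
  return `<input class="search" value="${term}"><div class="results"></div>`;
}

// Context-safe HTML entity encoding for text and quoted-attribute contexts.
// Every delimiter that could end the attribute or open a tag is encoded.
function encodeForHtml(s) {
  const map = { '&': '&amp;', '<': '&lt;', '>': '&gt;', '"': '&quot;', "'": '&#x27;' };
  return s.replace(/[&<>"']/g, (c) => map[c]);
}

// Hardened renderer: same template, term passed through the encoder.
function renderResultsSafe(term) {
  return `<input class="search" value="${encodeForHtml(term)}"><div class="results"></div>`;
}

// Detection on the emitted markup: did a new <p> element with an
// onmouseover handler get injected?
function hasInjectedHandler(html) {
  return /<p\b[^>]*\bonmouseover=/i.test(html);
}

// Identifier escapes: the parser treats \u0070rompt as the identifier prompt.
// Node has no global prompt(), so a function by that name stands in for it.
function \u0070rompt(x) {
  return `prompt called with ${x}`;
}

function identifierEscapeDemo() {
  // Plain spelling and escaped spelling resolve to the same binding.
  return prompt(1);
}

// The handler step from the payload: onmouseover=eval(id) reads the element's
// own id attribute, and eval parses the escapes in it as JavaScript source.
function simulateHandler() {
  const id = String.raw`\u0070rompt(1)`; // the id attribute value, as the DOM hands it over
  return eval(id);
}
```

Running `blocklistFilter(PAYLOAD)` returns false while `identifierEscapeDemo()` and `simulateHandler()` both reach the stand-in `prompt`, which is the bypass: a filter on names sees nothing, because the dangerous names are assembled by the JavaScript parser later. `renderResultsUnsafe(PAYLOAD)` yields markup that `hasInjectedHandler` flags, and `renderResultsSafe(PAYLOAD)` yields `value="&quot;&gt;&lt;p id=&quot;...` that it does not, since the quote and angle brackets that break out of the attribute are now entities. That is the review comment 1 asks for: find every place the search term is reflected and make sure the encoder applied there matches the HTML context, rather than filtering the input.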
(Reporter)

Comment 2

3 years ago
Is there gonna be any hof function?
Comment 3

I'm fairly sure this is the same problem reported and fixed in bug 1223970. I can't reproduce it following the steps in comment 1.

I don't know what a hof function is.
Status: NEW → RESOLVED
Last Resolved: 3 years ago
Flags: needinfo?(mcooper)
Resolution: --- → DUPLICATE
Duplicate of bug: 1223970
Group: websites-security