Closed
Bug 1239540
Opened 8 years ago
Closed 8 years ago
Self-XSS in support.mozilla.org search
Categories
(support.mozilla.org :: Search, defect)
support.mozilla.org
Search
Tracking
(Not tracked)
RESOLVED
DUPLICATE
of bug 1238252
People
(Reporter: delwaralam, Unassigned)
Details
Attachments
(1 file, 1 obsolete file)
|
14.12 KB,
image/png
|
Details |
Screenshot from 2016-01-14 07:29:47.png
User Agent: Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:43.0) Gecko/20100101 Firefox/43.0 Build ID: 20151210163017 Steps to reproduce: I am delwar alam i found xss vulnerability in your domain (https://support.mozilla.org) Actual results: when i input some script show all script in your domain Expected results: but show popup and show your domain name user cookie and other
|
Reporter | |
Comment 1•8 years ago
|
||
input this script in search box "><img src=x onerror=prompt(document.domain)>
|
||
Updated•8 years ago
|
Status: UNCONFIRMED → RESOLVED
Closed: 8 years ago
Resolution: --- → DUPLICATE
Summary: xss vulnerability → Self-XSS in support.mozilla.org search
|
||
Updated•8 years ago
|
Group: websites-security
| Comment hidden (obsolete) |
|
||
Comment 4•8 years ago
|
||
Comment on attachment 8717530 [details] [diff] [review] avoid ASan leak report by holding PseudoStack in ImageBridgeChild Typo in the bug number.
Attachment #8717530 -
Attachment is obsolete: true
You need to log in
before you can comment on or make changes to this bug.
Description
•