Self-XSS in support.mozilla.org search

RESOLVED DUPLICATE of bug 1238252

Status

support.mozilla.org
Search
2 years ago
2 years ago

People

(Reporter: Delwar Alam, Unassigned)

Tracking

Firefox Tracking Flags

(Not tracked)

Details

Attachments

(1 attachment, 1 obsolete attachment)

(Reporter)

Description

2 years ago
Created attachment 8707709 [details]
Screenshot from 2016-01-14 07:29:47.png

User Agent: Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:43.0) Gecko/20100101 Firefox/43.0
Build ID: 20151210163017

Steps to reproduce:

I am Delwar Alam.
I found an XSS vulnerability in your domain
(https://support.mozilla.org).


Actual results:

When I input some script, it shows all script in your domain.


Expected results:

But it shows a popup and shows your domain name, user cookie and other.
(Reporter)

Comment 1

2 years ago
Input this script in the search box:
"><img src=x onerror=prompt(document.domain)>
Status: UNCONFIRMED → RESOLVED
Last Resolved: 2 years ago
Resolution: --- → DUPLICATE
Summary: xss vulnerability → Self-XSS in support.mozilla.org search
Duplicate of bug: 1238252
Group: websites-security
Comment hidden (obsolete)

Comment 4

2 years ago
Comment on attachment 8717530 [details] [diff] [review]
avoid ASan leak report by holding PseudoStack in ImageBridgeChild

Typo in the bug number.
Attachment #8717530 - Attachment is obsolete: true