Closed
Bug 1239540
Opened 9 years ago
Closed 9 years ago
Self-XSS in support.mozilla.org search
Categories
(support.mozilla.org :: Search, defect)
support.mozilla.org
Search
Tracking
(Not tracked)
RESOLVED
DUPLICATE
of bug 1238252
People
(Reporter: delwaralam, Unassigned)
Details
Attachments
(1 file, 1 obsolete file)
|
14.12 KB,
image/png
|
Details |
Screenshot from 2016-01-14 07:29:47.png
User Agent: Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:43.0) Gecko/20100101 Firefox/43.0
Build ID: 20151210163017
Steps to reproduce:
I am delwar alam
i found xss vulnerability in your domain
(https://support.mozilla.org)
Actual results:
when i input some script show all script in your domain
Expected results:
but show popup and show your domain name user cookie and other
|
Reporter | |
Comment 1•9 years ago
|
||
input this script in search box
"><img src=x onerror=prompt(document.domain)>
|
||
Updated•9 years ago
|
Status: UNCONFIRMED → RESOLVED
Closed: 9 years ago
Resolution: --- → DUPLICATE
Summary: xss vulnerability → Self-XSS in support.mozilla.org search
|
||
Updated•9 years ago
|
Group: websites-security
| Comment hidden (obsolete) |
|
||
Comment 4•9 years ago
|
||
Comment on attachment 8717530 [details] [diff] [review]
avoid ASan leak report by holding PseudoStack in ImageBridgeChild
Typo in the bug number.
Attachment #8717530 -
Attachment is obsolete: true
You need to log in
before you can comment on or make changes to this bug.
Description
•