Created attachment 8707709 [details] Screenshot from 2016-01-14 07:29:47.png User Agent: Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:43.0) Gecko/20100101 Firefox/43.0 Build ID: 20151210163017 Steps to reproduce: I am delwar alam i found xss vulnerability in your domain (https://support.mozilla.org) Actual results: when i input some script show all script in your domain Expected results: but show popup and show your domain name user cookie and other
input this script in search box "><img src=x onerror=prompt(document.domain)>
Status: UNCONFIRMED → RESOLVED
Last Resolved: 2 years ago
Resolution: --- → DUPLICATE
Summary: xss vulnerability → Self-XSS in support.mozilla.org search
Duplicate of bug: 1238252
Comment on attachment 8717530 [details] [diff] [review] avoid ASan leak report by holding PseudoStack in ImageBridgeChild Typo in the bug number.
Attachment #8717530 - Attachment is obsolete: true
You need to log in before you can comment on or make changes to this bug.