Closed
Bug 1247292
Opened 9 years ago
Closed 9 years ago
Output encoding error, would be XSS if content type of response were to change.
Categories
(support.mozilla.org :: Code Quality, task)
Tracking
(Not tracked)
RESOLVED
DUPLICATE
of bug 1223970
People
(Reporter: amuntner, Unassigned)
Details
(Keywords: sec-moderate, wsec-xss)
If the content-type were text/html, this would be XSS. Couldn't find a way to get it reflected into a page but that doesn't mean there isn't a way.
Safe HTML-encoded output should be used for user input to the q parameter.
Marking as moderate because it's not provably exploitable but I'd like to see it fixed anyway.
https://support.mozilla.org/en-US/search/suggestions?q={searchTerms56242<script>alert(1)<%2fscript>360ed

GET /en-US/search/suggestions?q={searchTerms56242<script>alert(1)<%2fscript>360ed HTTP/1.1
Host: support.mozilla.org
Accept: */*
Accept-Language: en
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
Connection: close

HTTP/1.1 200 OK
Server: Apache
X-Backend-Server: support2.webapp.phx1.mozilla.com
Vary: X-Mobile,User-Agent
Cache-Control: no-cache, must-revalidate
Content-Type: application/x-suggestions+json <-------
(snip)

["{searchTerms56242<script>alert(1)</script>360ed", ["JavaScript settings and preferences for interactive web pages", "Warning Unresponsive script - What it means and how to fix it", (snip)
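
An added example, not part of the original report or the site's own code: one way to build the suggestions response so the reflected `q` value stays inert even if the body were ever interpreted as HTML. It swaps in JSON `\uXXXX` escaping rather than HTML entity encoding, so clients still decode the original query; the function names and the sample title list are assumptions.

```python
import json

# Characters that are legal inside JSON strings but become markup if the
# body is ever rendered as HTML (changed Content-Type, sniffing, inlining).
# None of them occur in JSON syntax outside strings, so a global replace
# on the serialized text is safe and the decoded value is unchanged.
HTML_SENSITIVE = {"<": "\\u003c", ">": "\\u003e", "&": "\\u0026", "'": "\\u0027"}


def naive_body(query, titles):
    """Behaviour shown in the report: the query is reflected verbatim."""
    return json.dumps([query, titles])


def safe_body(query, titles):
    """Same JSON value, with HTML-significant characters escaped."""
    text = json.dumps([query, titles])
    for char, escape in HTML_SENSITIVE.items():
        text = text.replace(char, escape)
    return text


def suggestions_response(query, titles):
    """Return (headers, body) for the suggestions endpoint."""
    headers = {
        # Content type taken from the response in the report.
        "Content-Type": "application/x-suggestions+json",
        # Tells browsers not to second-guess the declared type.
        "X-Content-Type-Options": "nosniff",
    }
    return headers, safe_body(query, titles)


def reflects_markup(body):
    """Regression check: True if raw angle brackets survive in the body."""
    return "<" in body or ">" in body


if __name__ == "__main__":
    # Constructed input: the query string from the report, one sample title.
    q = "{searchTerms56242<script>alert(1)</script>360ed"
    headers, body = suggestions_response(q, ["JavaScript settings"])
    print(headers)
    print(body)
    print("naive reflects markup:", reflects_markup(naive_body(q, [])))
    print("safe reflects markup:", reflects_markup(body))
```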
Reporter
Comment 1 • 9 years ago
Closing, duplicate of bug 1223970, issue is safe artifact of template engine
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → DUPLICATE
Comment 2 • 9 years ago
These bugs are all resolved, so I'm removing the security flag from them.
Group: websites-security