Closed
Bug 1253322
Opened 9 years ago
Closed 9 years ago
Cross Site Scripting in Mozilla Browser
Categories
(Firefox :: Untriaged, defect)
RESOLVED DUPLICATE of bug 255107
People
(Reporter: aaworunse, Unassigned)
Attachments (1 file): 126.80 KB, image/png
User Agent: Mozilla/5.0 (Windows NT 6.3; WOW64; rv:44.0) Gecko/20100101 Firefox/44.0
Build ID: 20160210153822
Steps to reproduce:
I created an SVG file with an XSS payload.
So the URL equivalent of the resulting image executed the XSS.
Here is the Payload (Type in your Browser): data:image/svg+xml;base64,PHN2ZyB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciPgogICA8aW1hZ2Ugb25sb2FkPSJhbGVydChkb2N1bWVudC5kb21haW4pIj48L2ltYWdlPgogICA8c3ZnIG9ubG9hZD0iYWxlcnQoZG9jdW1lbnQuY29va2llKSI+PC9zdmc+CiAgIDxzY3JpcHQ+YWxlcnQoZG9jdW1lbnQuY29va2llKTwvc2NyaXB0PgogICA8ZGVmcyBvbmxvYWQ9ImFsZXJ0KDQpIj48L2RlZnM+CiAgIDxnIG9ubG9hZD0iYWxlcnQoNSkiPgogICAgICAgPGNpcmNsZSBvbmxvYWQ9ImFsZXJ0KDYpIiAvPgogICAgICAgPHRleHQgb25sb2FkPSJhbGVydCg3KSI+PC90ZXh0PgogICA8L2c+Cjwvc3ZnPgo=
Actual results:
It executed XSS with Payload
document.cookie and document.domain
Expected results:
It shouldn't have executed an XSS; other modern browsers like Chrome 48 and IE 11 protect against this and the payload is not executed in those browsers.
Mozilla protects against issues like this, because they don't allow a JavaScript payload (e.g. javascript:alert(9);) to be typed directly in the browser; this is no different.
Tested on Firefox 44
Updated • 9 years ago
Group: firefox-core-security
Status: UNCONFIRMED → RESOLVED
Closed: 9 years ago
Resolution: --- → DUPLICATE
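A defensive check for the kind of input this report describes, added here as an example and not part of the original bug or of Mozilla's code: it decodes a `data:image/svg+xml` URI and lists script-capable constructs (`<script>` elements and `on*` event handlers) so an application can refuse such URIs when they come from users. The function names and the sample SVG are constructed for illustration.

```python
import base64
import binascii
import xml.etree.ElementTree as ET
from urllib.parse import unquote_to_bytes

def decode_data_uri(uri):
    """Return (mime, payload_bytes) for a data: URI; raise ValueError if malformed."""
    scheme, sep, rest = uri.strip().partition(":")
    if scheme.lower() != "data" or not sep or "," not in rest:
        raise ValueError("not a data: URI")
    header, body = rest.split(",", 1)
    params = [p.strip().lower() for p in header.split(";")]
    raw = unquote_to_bytes(body)
    if "base64" in params[1:]:
        try:
            raw = base64.b64decode(raw, validate=True)
        except binascii.Error as exc:
            raise ValueError("invalid base64 body") from exc
    return params[0] or "text/plain", raw

def svg_active_content(svg_bytes):
    """List script-capable constructs in an SVG document (empty list = none found)."""
    upper = svg_bytes.upper()
    if b"<!DOCTYPE" in upper or b"<!ENTITY" in upper:
        return ["DOCTYPE/ENTITY declaration (not parsed)"]  # coarse guard before parsing
    try:
        root = ET.fromstring(svg_bytes)
    except ET.ParseError:
        return ["unparseable XML (treat as unsafe)"]
    findings = []
    for el in root.iter():
        tag = el.tag.rsplit("}", 1)[-1].lower()  # drop the {namespace} prefix
        if tag == "script":
            findings.append("<script> element")
        for name in el.attrib:
            local = name.rsplit("}", 1)[-1].lower()
            if local.startswith("on"):  # onload, onclick, ...
                findings.append(f"{local} handler on <{tag}>")
    return findings

def check_uri(uri):
    mime, payload = decode_data_uri(uri)
    return svg_active_content(payload) if mime == "image/svg+xml" else []

# Constructed sample with harmless handler bodies, base64-encoded as in the report.
SAMPLE_SVG = (b'<svg xmlns="http://www.w3.org/2000/svg"><script>void 0</script>'
              b'<g onload="void 0"><circle r="1"/></g></svg>')
SAMPLE_URI = "data:image/svg+xml;base64," + base64.b64encode(SAMPLE_SVG).decode()
print(check_uri(SAMPLE_URI))
```

An empty list means none of these constructs were found; it is not a guarantee that the SVG is safe to render in every context.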