Closed Bug 1267067 Opened 9 years ago Closed 9 years ago

firefox xss bypass

Categories

(Firefox :: Untriaged, defect)

Product:
Firefox
Component:
Untriaged
Version:
48 Branch
Platform:
x86
Windows 7
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED INVALID

People

(Reporter: xiaopigfly, Unassigned)

Details

(Whiteboard: firefox xss bypass)

Attachments

(1 file)

firefox.docx
114.22 KB, application/vnd.openxmlformats-officedocument.wordprocessingml.document
Details
Attached file firefox.docx
User Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/31.0.1650.63 Safari/537.36 Steps to reproduce: Test Methods Consider the following web script: <?php header("Content-Type: text/html; charset=utf-8"); echo $_GET[c]; ?> If the routine conduct XSS such as: .php?c=<script>alert()</script> Security policy to block, but if you submit .php?c=%c1<script>alert()</script> Firefox code can bypass the xss filter and executed. Actual results: alert(document.domain) Expected results: alert(document.domain)
OS: Unspecified → Windows 7
Hardware: Unspecified → x86
Whiteboard: firefox xss bypass
Firefox has not implemented a Reflected XSS filter. It's an incomplete solution at best and we urge sites to adopt a strict Content-Security-Policy instead.
Group: firefox-core-security
Status: UNCONFIRMED → RESOLVED
Closed: 9 years ago
Resolution: --- → INVALID
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: