Closed Bug 1271635 Opened 8 years ago Closed 8 years ago

XSS when viewing image attachments

Tracking

()

Status:

RESOLVED FIXED

People

(Reporter: glob, Unassigned)

Details

Attachments

(1 file)

"><script>alert(1)</script> 8 years ago :glob ✱ 6.14 KB, image/png		Details

:glob ✱

Reporter

Description

•

8 years ago

Attached image "><script>alert(1)</script> — Details

looks like there's an xss when using bug-modal's lightbox.

str: click on this attachment's name.

David Lawrence [:dkl]

Updated

•

8 years ago

Assignee: nobody → dkl

Status: NEW → ASSIGNED

David Lawrence [:dkl]

Comment 1

•

8 years ago

To ssh://gitolite3@git.mozilla.org/webtools/bmo/bugzilla.git
   ee3196e..6a48e02  master -> master

Status: ASSIGNED → RESOLVED

Closed: 8 years ago

Resolution: --- → FIXED

David Lawrence [:dkl]

Comment 2

•

8 years ago

This has been pushed to production.

Group: bugzilla-security

Firefox Bug Husbandry Bot

Updated

•

5 years ago

Component: User Interface: Modal → User Interface

Firefox Bug Husbandry Bot

Updated

•

5 years ago

Assignee: dkl → nobody

You need to log in before you can comment on or make changes to this bug.

Bugzilla

Quick Search

XSS when viewing image attachments

Categories

(bugzilla.mozilla.org :: User Interface, defect)

Tracking

()

People

(Reporter: glob, Unassigned)

References

Details

Crash Data

Security

(public)

User Story

Attachments

(1 file)

Description

Updated

Comment 1

Comment 2

Updated

Updated

Attachment

General

Description

File Name

Content Type