Closed Bug 1271635 Opened 4 years ago Closed 4 years ago

XSS when viewing image attachments

Categories

(bugzilla.mozilla.org :: User Interface, defect)

Production
defect
Not set

Tracking

()

RESOLVED FIXED

People

(Reporter: glob, Unassigned)

Details

Attachments

(1 file)

looks like there's an xss when using bug-modal's lightbox.

str: click on this attachment's name.
Assignee: nobody → dkl
Status: NEW → ASSIGNED
To ssh://gitolite3@git.mozilla.org/webtools/bmo/bugzilla.git
   ee3196e..6a48e02  master -> master
Status: ASSIGNED → RESOLVED
Closed: 4 years ago
Resolution: --- → FIXED
This has been pushed to production.
Group: bugzilla-security
Component: User Interface: Modal → User Interface
Assignee: dkl → nobody
You need to log in before you can comment on or make changes to this bug.