The POODLE attack (SSLv3 supported)

RESOLVED DUPLICATE of bug 1084577

Status

P3
critical
RESOLVED DUPLICATE of bug 1084577
2 years ago
5 months ago

People

(Reporter: djrootdz, Unassigned)

Tracking

Details

(URL)

(Reporter)

Description

2 years ago
User Agent: Mozilla/5.0 (Windows NT 6.1; rv:47.0) Gecko/20100101 Firefox/47.0
Build ID: 20160604131506

Steps to reproduce:

Hi there

Vulnerability : The POODLE attack (SSLv3 supported) in www.mozilla.org

High vulnerabel

About vulnerability:

    https://security.googleblog.com/2014/10/this-poodle-bites-exploiting-ssl-30.html
    https://blog.mozilla.org/security/2014/10/14/the-poodle-attack-and-the-end-of-ssl-3-0/

I'm security researcher and bug bounty program

Best Regards,


Actual results:

Hi there

Vulnerability : The POODLE attack (SSLv3 supported) in www.mozilla.org

High vulnerabel

About vulnerability:

    https://security.googleblog.com/2014/10/this-poodle-bites-exploiting-ssl-30.html
    https://blog.mozilla.org/security/2014/10/14/the-poodle-attack-and-the-end-of-ssl-3-0/

I'm security researcher and bug bounty program

Best Regards,


Expected results:

Hi there

Vulnerability : The POODLE attack (SSLv3 supported) in www.mozilla.org

High vulnerabel

About vulnerability:

    https://security.googleblog.com/2014/10/this-poodle-bites-exploiting-ssl-30.html
    https://blog.mozilla.org/security/2014/10/14/the-poodle-attack-and-the-end-of-ssl-3-0/

I'm security researcher and bug bounty program

Best Regards,
(Reporter)

Comment 1

2 years ago
"><svg/onload=prompt(1337)>
Group: mozilla-employee-confidential
Severity: normal → critical
Component: Community → Security Assurance: Review Request
OS: Unspecified → Windows 7
Priority: -- → P3
Product: Air Mozilla → mozilla.org
Hardware: Unspecified → All
Version: unspecified → other
Status: UNCONFIRMED → RESOLVED
Last Resolved: 2 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 1084577

Comment 3

5 months ago
"&lt;/script&gt;&lt;script&gt;alert(String.fromCharCode(88,83,83))&lt;/script&gt;

Comment 4

5 months ago
"><svg/onload=prompt(1337)>

Comment 5

5 months ago
"</script><script>alert(String.fromCharCode(88,83,83))</script>
You need to log in before you can comment on or make changes to this bug.