Closed Bug 1282297 Opened 9 years ago Closed 9 years ago

The POODLE attack (SSLv3 supported)

Categories

(mozilla.org :: Security Assurance: Review Request, task, P3)

Product:
mozilla.org
Component:
Security Assurance: Review Request
Platform:
All
Windows 7
Type:
task

Tracking

(Not tracked)

Status:
RESOLVED DUPLICATE of bug 1084577

People

(Reporter: djrootdz, Unassigned)

References

(
URL
)

Details

User Agent: Mozilla/5.0 (Windows NT 6.1; rv:47.0) Gecko/20100101 Firefox/47.0 Build ID: 20160604131506 Steps to reproduce: Hi there Vulnerability : The POODLE attack (SSLv3 supported) in www.mozilla.org High vulnerabel About vulnerability: https://security.googleblog.com/2014/10/this-poodle-bites-exploiting-ssl-30.html https://blog.mozilla.org/security/2014/10/14/the-poodle-attack-and-the-end-of-ssl-3-0/ I'm security researcher and bug bounty program Best Regards, Actual results: Hi there Vulnerability : The POODLE attack (SSLv3 supported) in www.mozilla.org High vulnerabel About vulnerability: https://security.googleblog.com/2014/10/this-poodle-bites-exploiting-ssl-30.html https://blog.mozilla.org/security/2014/10/14/the-poodle-attack-and-the-end-of-ssl-3-0/ I'm security researcher and bug bounty program Best Regards, Expected results: Hi there Vulnerability : The POODLE attack (SSLv3 supported) in www.mozilla.org High vulnerabel About vulnerability: https://security.googleblog.com/2014/10/this-poodle-bites-exploiting-ssl-30.html https://blog.mozilla.org/security/2014/10/14/the-poodle-attack-and-the-end-of-ssl-3-0/ I'm security researcher and bug bounty program Best Regards,
"><svg/onload=prompt(1337)>
URL: www.mozilla.org
Group: mozilla-employee-confidential
Severity: normal → critical
Component: Community → Security Assurance: Review Request
OS: Unspecified → Windows 7
Priority: -- → P3
Product: Air Mozilla → mozilla.org
Hardware: Unspecified → All
Version: unspecified → other
Status: UNCONFIRMED → RESOLVED
Closed: 9 years ago
Resolution: --- → DUPLICATE
"&lt;/script&gt;&lt;script&gt;alert(String.fromCharCode(88,83,83))&lt;/script&gt;
"><svg/onload=prompt(1337)>
"</script><script>alert(String.fromCharCode(88,83,83))</script>
You need to log in before you can comment on or make changes to this bug.