Closed Bug 1299351 Opened 9 years ago Closed 9 years ago

*.mozilla.org

Categories

(Websites :: Other, defect)

defect
Not set
normal

Tracking

(Not tracked)

RESOLVED INVALID

People

(Reporter: dvs.cissp, Unassigned)

Details

(Keywords: reporter-external, Whiteboard: [reporter-external] [web-bounty-form] [verif?])

Attachments

(1 file)

826.58 KB, image/png
Steps:
1. Create a simple HTML file with my XSS payload:

<p>Drag me!</p>
<script>
document.addEventListener("dragstart", function(event) {
  event.dataTransfer.setData("text/plain", "javascript:prompt(document.domain)");
});
</script>

2. Go to: *.mozilla.org
3. Drag and drop into the drawing module, and the XSS is there :)
Flags: sec-bounty?
Attached image POC
I tested on Google Chrome 52.0.2743.116 m (64-bit) / Windows 10 64-bit
Self-XSS does not qualify; this isn't a security flaw.
Group: websites-security
Status: UNCONFIRMED → RESOLVED
Closed: 9 years ago
Resolution: --- → INVALID
Flags: sec-bounty? → sec-bounty-