Closed Bug 1320447 Opened 8 years ago Closed 8 years ago

UXSS using bookmark

Tracking

()

Status:

RESOLVED DUPLICATE of bug 371923

People

(Reporter: s.h.h.n.j.k, Unassigned)

References

Details

Attachments

(1 file)

firefox.mov 8 years ago Jun (Request needinfo for comment, I ignore other updates) 3.14 MB, video/quicktime		Details

Jun (Request needinfo for comment, I ignore other updates)

Reporter

Description

•

8 years ago

Attached video firefox.mov — Details

User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/54.0.2840.98 Safari/537.36 Steps to reproduce: 1. Go to https://jsfiddle.net/6om4ddzp/9/ 2. Select Drag me and drop it to bookmark tool bar. 3. Clicking added bookmark will execute javascript on current website Actual results: UXSS via javascript: URL bookmark Expected results: Do not allow javascript: URL on bookmark

:Gijs (he/him)

Updated

•

8 years ago

Group: firefox-core-security

Status: UNCONFIRMED → RESOLVED

Closed: 8 years ago

Resolution: --- → DUPLICATE

Daniel Veditz [:dveditz] out until Nov 10

Updated

•

3 years ago

Bugzilla

UXSS using bookmark

Categories

(Firefox :: Untriaged, defect)

Tracking

()

People

(Reporter: s.h.h.n.j.k, Unassigned)

References

Details

Crash Data

Security

(public)

User Story

Attachments

(1 file)

Description

Updated

Updated

Attachment

General

Description

File Name

Content Type