Closed
Bug 1456848
Opened 7 years ago
Closed 7 years ago
CSP bypass with middle click
Categories
(Firefox :: Untriaged, defect)
Firefox
Untriaged
Tracking
()
RESOLVED
DUPLICATE
of bug 1437009
People
(Reporter: s.h.h.n.j.k, Unassigned)
Details
(Keywords: reporter-external)
User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/66.0.3359.117 Safari/537.36
Steps to reproduce:
1. Go to https://vuln.shhnjk.com/unxssable.php?xss=%3Ca%20href=%22javascript:alert(document.domain)%22%3Ego%3C/a%3E
2. Middle-click or Ctrl + click the link
Actual results:
CSP bypassed.
Expected results:
Middle click shouldn't allow javascript link to be executed or opened.
|
||
Updated•7 years ago
|
Flags: sec-bounty?
|
||
Comment 1•7 years ago
|
||
Confirmed, but could be a dupe of bug 1437009.
Status: UNCONFIRMED → NEW
Ever confirmed: true
|
||
Updated•7 years ago
|
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → DUPLICATE
|
Reporter | |
Comment 3•7 years ago
|
||
The original bug is a public bug. So can I consider this bug as public and talk about it?
Flags: needinfo?(dveditz)
|
|
||
Comment 4•7 years ago
|
||
yes, that's fine. These are user actions and while it may not be what we want it's not that useful as an attack.
Flags: needinfo?(dveditz)
|
|
||
Updated•7 years ago
|
Flags: sec-bounty? → sec-bounty-
|
|
||
Updated•4 years ago
|
Group: firefox-core-security
|
||
Updated•9 months ago
|
Keywords: reporter-external
You need to log in
before you can comment on or make changes to this bug.
Description
•