"><script>alert(1)</script>
Categories: Invalid Bugs :: General, defect
Tracking: Not tracked
People: Reporter: AJSBD, Unassigned
Attachments (1 file): image/jpeg, 50.57 KB; flags set by AJSBD: review+, data-review+, feedback+
User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.163 Safari/537.36
Steps to reproduce:
"><script>alert(1)</script>
<svg onload=alert(1)>
<img src="" onerror=alert(1)>
Actual results:
"><script>alert(1)</script>
<svg onload=alert(1)>
<img src="" onerror=alert(1)>
Expected results:
"><script>alert(1)</script>
<svg onload=alert(1)>
<img src="" onerror=alert(1)>
Comment 1 (Reporter, 6 years ago):
"><script>alert(1)</script>
<svg onload=alert(1)>
<img src="" onerror=alert(1)>
Comment 2 (Reporter, 6 years ago):
[Security approval request comment]
How easily could an exploit be constructed based on the patch?
Do comments in the patch, the check-in comment, or tests included in the patch paint a bulls-eye on the security problem?
Which older supported branches are affected by this flaw?
If not all supported branches, which bug introduced the flaw?
Do you have backports for the affected branches? If not, how different, hard to create, and risky will they be?
How likely is this patch to cause regressions; how much testing does it need?
[Approval Request Comment]
If this is not a sec:{high,crit} bug, please state case for ESR consideration:
User impact if declined:
Fix Landed on Version:
Risk to taking this patch (and alternatives if risky):
See https://wiki.mozilla.org/Release_Management/ESR_Landing_Process for more info.
Approval Request Comment
[Feature/Bug causing the regression]:
[User impact if declined]:
[Is this code covered by automated tests?]:
[Has the fix been verified in Nightly?]:
[Needs manual test from QE? If yes, steps to reproduce]:
[List of other uplifts needed for the feature/fix]:
[Is the change risky?]:
[Why is the change risky/not risky?]:
[String changes made/needed]:
Approval Request Comment
[Feature/Bug causing the regression]:
[User impact if declined]:
[Is this code covered by automated tests?]:
[Has the fix been verified in Nightly?]:
[Needs manual test from QE? If yes, steps to reproduce]:
[List of other uplifts needed for the feature/fix]:
[Is the change risky?]:
[Why is the change risky/not risky?]:
[String changes made/needed]:
Comment 3 (6 years ago):
While we appreciate security testing of our products, please don't do this on a live bugzilla environment (or, if you must absolutely, please at least file your bug directly to the invalid bugs component).