Closed Bug 1660282 Opened 4 years ago Closed 4 years ago

searchengine-devtools has XSS vulnerabilities

Categories

(Firefox :: Search, defect, P2)

Product:
Firefox
Component:
Search
Type:
defect
Points:
5

Tracking

()

Status:
RESOLVED FIXED
Iteration:
83.1 - Sept 21 - Oct 4

People

(Reporter: standard8, Assigned: standard8)

References

(Blocks 1 open bug)

Details

(Keywords: sec-other)

searchengine-devtools loads various items from the network, namely:

https://hg.mozilla.org/mozilla-central/raw-file/tip/browser/locales/all-locales
plus the search-config configurations

These data sets are currently not sanitised, and so may lead to XSS vulnerabilities.

Note: this is a vulnerability in the searchengine-devtools extension that we use for the search configuration for developing with Firefox, not in Firefox itself.

Dale, this is the reason behind https://github.com/mozilla-extensions/searchengine-devtools/pull/20

The changes there fix all the UI parts, there's still one part not covered, that I'll handle in a separate bug (I don't think it is as vital, but we should still fix it).

Flags: needinfo?(dharvey)
Blocks: 1663403
Iteration: 82.1 - Aug 24 - Sep 6 → 82.2 - Sep 7 - Sep 20
Keywords: sec-other

Cheers, done

Flags: needinfo?(dharvey)

Update: The PR has been approved and merged, I'm still waiting for the new release to be approved.

Iteration: 82.2 - Sep 7 - Sep 20 → 83.1 - Sept 21 - Oct 4

1.1.5 is now released with this fix in.

The remaining part will be covered in bug 1663403.

Status: NEW → RESOLVED
Closed: 4 years ago
Resolution: --- → FIXED
Group: firefox-core-security → core-security-release
Group: core-security-release
You need to log in before you can comment on or make changes to this bug.