Closed Bug 1731719 Opened 3 years ago Closed 3 years ago

HTML injection to SSRF

Categories

(Firefox :: Untriaged, defect)

75 Branch
defect

Tracking

RESOLVED DUPLICATE of bug 1729452

People

(Reporter: iamnew443, Unassigned)

Details

User Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:75.0) Gecko/20100101 Firefox/75.0

Steps to reproduce:

Vulnerable URL: "https://support.mozilla.org/en-US/questions/new/firefox-enterprise/form"

This form allows injecting the <img> HTML tag.

  1. Visit: https://support.mozilla.org/en-US/questions/new/firefox-enterprise/form
  2. Inject the following code in the description box:

     <img src="<your server addr>" width="200"/>

  3. Then submit the form.

Actual results:

It will make a request to the specified server.
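
As an added example (not part of the original report, and not the support site's code), this Python check lists the `<img>` sources in a submitted description that point outside an allowlist, so they can be stripped or rejected before the post is stored. The allowlist, the function and class names, and the sample input are assumptions made for illustration.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Assumption: the only host images may load from (hypothetical allowlist).
ALLOWED_IMG_HOSTS = frozenset({"support.mozilla.org"})


class ImgSrcAuditor(HTMLParser):
    """Collect <img> src values that point at a host outside the allowlist."""

    def __init__(self, allowed_hosts):
        super().__init__()
        self.allowed_hosts = allowed_hosts
        self.findings = []

    def handle_starttag(self, tag, attrs):
        # Tag and attribute names arrive lowercased; <img .../> also lands here.
        if tag != "img":
            return
        for name, value in attrs:
            if name == "src" and value and not self._is_allowed(value):
                self.findings.append(value)

    def _is_allowed(self, url):
        # Browsers drop tab/newline characters and read "\" as "/" in http(s) URLs.
        cleaned = "".join(c for c in url.strip() if c not in "\t\r\n").replace("\\", "/")
        try:
            parts = urlsplit(cleaned)
        except ValueError:
            return False  # unparseable authority: treat as unsafe
        if not parts.scheme and not parts.netloc:
            return True  # relative path, stays on the serving origin
        if parts.scheme not in ("", "http", "https"):
            return False  # data:, file:, ... are rejected outright
        return (parts.hostname or "").lower() in self.allowed_hosts


def external_img_sources(description_html, allowed_hosts=ALLOWED_IMG_HOSTS):
    """Return the src values of <img> tags that point outside the allowlist."""
    auditor = ImgSrcAuditor(allowed_hosts)
    auditor.feed(description_html)
    auditor.close()
    return auditor.findings


if __name__ == "__main__":
    # Constructed sample description; collector.example is a placeholder host.
    sample = ('Crash on start <img src="https://collector.example/p.png" width="200"/> '
              '<img src="/static/logo.png"> <IMG SRC="//collector.example/q">')
    print(external_img_sources(sample))
```
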

Group: firefox-core-security
Status: UNCONFIRMED → RESOLVED
Closed: 3 years ago
Resolution: --- → DUPLICATE