bypass Uxss on Firefox android via javascript:alert(1)// which is shared via the Google translate app[Bug]:
Categories
(Fenix :: General, defect)
Tracking
(Not tracked)
People
(Reporter: amejia, Unassigned)
Details
From github: https://github.com/mozilla-mobile/fenix/issues/22356.
Steps to reproduce
Hello Firefox security team,
I think it's a UXSS vulnerability triggering Android Firefox users. When I try to execute javascript:alert(1) in Firefox it doesn't work. To trigger it I use the Google Translate app and translate javascript:alert(document.domain)// then I share it with Firefox users, then UXSS will be triggered there.
Production steps:
- Enter the Android app and translate javascript:alert(1) // then share it to Firefox Android
- Once successfully shared, Firefox will point to Google, with a javascript:alert(1) search
- Just press once on search on Firefox web then enter, then UXSS will be triggered.
Scenario:
I think not everyone understands this problem. Maybe when the javascript is shared from the Translate app to Firefox users, ordinary victims will use the search feature of Firefox and accidentally press enter because there is no back button. With this, XSS will be triggered.
PoC videos:
https://drive.google.com/file/d/1dEXjgypdjKb_eZNIW3Pf7WIY5Cjkmqq7/view?usp=sharing
Impact:
UXSS via javascript shared by translate apps to Firefox Android users
Expected behaviour
Uxss
Actual behaviour
Uxss
Device name
Oppo
Android version
Android 11
Firefox release type
Firefox
Firefox version
89
Device logs
No
Additional information
Uxss
Change performed by the Move to Bugzilla add-on.
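A defensive check for the situation this report describes, as an added example (not Fenix code and not from the reporter): text received from another app is classified before it can be navigated to, and script-bearing schemes such as `javascript:` are refused even when disguised with mixed case or embedded tabs and newlines. The function names, the action labels and the scheme list are assumptions.

```javascript
// Added example: all names and the scheme list are hypothetical, not Fenix code.

// Schemes whose "navigation" runs script or inline content (assumed list).
const SCRIPT_SCHEMES = new Set(["javascript", "data", "vbscript"]);

// URL parsers strip leading/trailing C0 control characters and spaces and
// remove ASCII tab/newline anywhere in the input, so "java\nscript:" still
// parses as "javascript:". Apply the same preprocessing before checking.
function normalizeForSchemeCheck(text) {
  return text
    .replace(/^[\u0000-\u0020]+|[\u0000-\u0020]+$/g, "")
    .replace(/[\t\n\r]/g, "");
}

// Returns the lower-cased scheme, or null when the text has no URL scheme.
function extractScheme(text) {
  const m = /^([A-Za-z][A-Za-z0-9+.\-]*):/.exec(normalizeForSchemeCheck(text));
  return m ? m[1].toLowerCase() : null;
}

// Decide what the receiving app may do with externally supplied text:
//   "reject"   - script-bearing scheme, never navigate to it
//   "navigate" - ordinary web URL
//   "search"   - anything else is handed to the search engine as plain text
function classifySharedText(text) {
  const scheme = extractScheme(text);
  if (scheme !== null && SCRIPT_SCHEMES.has(scheme)) {
    return { action: "reject", scheme };
  }
  if (scheme === "http" || scheme === "https") {
    return { action: "navigate", scheme };
  }
  return { action: "search", scheme };
}

// Constructed sample inputs, including the strings quoted in the report.
const samples = [
  "javascript:alert(1)//",
  "  JaVa\tScRiPt:alert(document.domain)//",
  "https://example.com/",
  "how to use javascript: urls",
];
for (const s of samples) {
  console.log(JSON.stringify(s), "->", classifySharedText(s).action);
}
```

The same classification has to run at every point where the text can become a navigation, including when it is resubmitted from the address bar, not only when the share is first received.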