[ 0day Vulnerability ] XSS at Mozilla Firefox Bookmarks
Categories
(Firefox :: Bookmarks & History, defect)
People
(Reporter: dumaicyberteam2000, Unassigned)
Details
User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/97.0.4692.99 Safari/537.36
Steps to reproduce:
Hi,
I found an XSS vulnerability in Bookmarks in the Mozilla Firefox browser. I don't know if this will be a 0day vulnerability or not; until now my community and I have been looking for practical scenarios so that it can have an impact on other Mozilla Firefox users.
I should have reported this sooner to you so you can check it too.
Follow Me :)
Steps:
- Open your Mozilla Firefox Browser
- Add Bookmarks
- Then add the url: javascript:alert(document.domain)
- Then open the victim's browser, see xss triggered in the victim's browser
- At first I thought it was a cookie from myself, but when I checked on another website, it turned out to be a different cookie.
Actual results:
Impact of stored XSS attacks
If an attacker can control a script that is executed in the victim's browser, then they can typically fully compromise that user. The attacker can carry out any of the actions that are applicable to the impact of reflected XSS vulnerabilities.
Reference :
https://www.youtube.com/watch?v=tTEethBKkRc
Expected results:
Supporting Report :
- Video
Download Now :
https://drive.google.com/file/d/1PzT7Dmqn4XzGN68-mcVOBzRQJA-Vb56Z/view?usp=sharing
Thanks
Regards,
Aidil Arief
Secrash Academy
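Bookmark entries of the kind used in the steps above (a `javascript:` URL stored as a bookmark) can be enumerated from a bookmarks backup. The following is an added example, not part of the report or of Firefox's code; it assumes a JSON backup in which folders carry a `children` array and bookmarks a `uri` string, and the sample data is constructed.

```javascript
// Added example: audit a Firefox-style bookmarks backup for javascript: entries.
// Assumption: folders carry a `children` array and bookmarks a `uri` string.

// Scheme as a browser would read it. WHATWG URL parsing trims leading/trailing
// spaces and control characters, drops embedded tabs/newlines, and lower-cases.
function schemeOf(uri) {
  try {
    return new URL(uri).protocol; // e.g. "javascript:"
  } catch {
    return null; // not an absolute URL
  }
}

// Walk the tree and return every bookmark stored with a javascript: URL.
function findScriptBookmarks(node, path = []) {
  const here = node.title ? [...path, node.title] : path;
  const hits = [];
  if (typeof node.uri === "string" && schemeOf(node.uri) === "javascript:") {
    hits.push({ folder: path.join("/"), title: node.title || "", uri: node.uri });
  }
  for (const child of node.children || []) {
    hits.push(...findScriptBookmarks(child, here));
  }
  return hits;
}

// A plain prefix test, for comparison: it misses case and whitespace variants.
function naivePrefixMatch(uri) {
  return uri.startsWith("javascript:");
}

// Constructed sample backup (not taken from the report's attachments).
const sampleBackup = {
  title: "",
  children: [{
    title: "toolbar",
    children: [
      { title: "Docs", uri: "https://example.org/" },
      { title: "PoC", uri: "javascript:alert(document.domain)" },
      { title: "Mixed case", uri: "  JavaScript:alert(document.domain)" },
      { title: "Tab inside", uri: "java\tscript:alert(document.domain)" },
      { title: "Lookalike", uri: "https://example.org/?q=javascript:alert(1)" },
    ],
  }],
};

for (const h of findScriptBookmarks(sampleBackup)) {
  console.log(`${h.folder}/${h.title}: ${JSON.stringify(h.uri)}`);
}
```

Parsing the scheme flags three of the five sample entries, while the prefix test matches only the first of them.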
Comment 1 • 4 years ago (Reporter)
Hi,
Sorry for my carelessness in posting here.
Comment 2 • 4 years ago (Reporter)
(In reply to Aidil Arief from comment #1)
> Hi,
> Sorry for my carelessness in posting here.
Comment 3 • 4 years ago (Reporter)
Hi,
I think it's universal XSS.
Here's a Reference:
https://labs.detectify.com/2012/10/05/universal-xss-in-opera/