Closed Bug 1773730 Opened 2 years ago Closed 2 years ago

UXSS via PrototypeMap::createEmptyStructure

Categories

(Firefox :: Security, defect)

Product:

Component:

Type:

defect

Priority:

Not set

Severity:

--

Tracking

()

Status:

RESOLVED DUPLICATE of bug 1773732

People

(Reporter: adonkidz7, Unassigned)

References

(
URL
)

Details

(Keywords: reporter-external, Whiteboard: [reporter-external] [client-bounty-form] [verif?])

Reporter

Description

•

2 years ago

open the browser (chrome, firefox, ms edge)
go to https://www.w3schools.com/html/tryit.asp?filename=tryhtml_basic
then, enter the code you have generated in w3schools, jsfiddle, or codepen io
run the code and you can see the uXSS executed via w3schools, jsfiddle, and codepen io
after you run the code, only firefox suffered damage like a DOS attack

Andrew McCreight [:mccr8] (PTO until 12-2)

Comment 1

•

2 years ago

I'm duping this to the newer bug because that has more information.

Status: UNCONFIRMED → RESOLVED

Closed: 2 years ago

Resolution: --- → DUPLICATE

Daniel Veditz [:dveditz]

Updated

•

2 years ago

Group: firefox-core-security

David Lawrence [:dkl]

Updated

•

6 months ago

Keywords: reporter-external

You need to log in before you can comment on or make changes to this bug.