Closed Bug 367674 Opened 18 years ago Closed 18 years ago

[SECURITY] XSS when reading Atom feeds due to unescaped HTML

Categories

(Bugzilla :: Query/Bug List, defect)

2.20.3
defect
Not set
major

Tracking

()

RESOLVED FIXED
Bugzilla 2.20

People

(Reporter: LpSolit, Assigned: LpSolit)

Attachments

(1 file, 1 obsolete file)

As described in bug 314659 comment 6 and later, it's possible to attempt some XSS using unfiltered realnames or potentially any other fields passed to the feed. This could let a user inject some HTML code in his realname, wait for a user in some security group to view a bug list containing some security bugs and a bug he reported and collect all the data thanks to the corrupted generated HTML page.
Flags: blocking3.0?
Flags: blocking2.22.2?
Flags: blocking2.20.4?
This is definitely a blocker. If it's fixed before we release 2.22.2, we'll take it for that. Otherwise I'll change the flag to blocking2.22.3.
Flags: blocking3.0? → blocking3.0+
Flags: blocking2.22.2? → blocking2.22.2+
Flags: blocking2.20.4? → blocking2.20.4+
I'm on it. Patch coming soon...
FILTER none -> FILTER html
Attachment #252249 - Flags: review?(bugzilla-mozilla)
Attachment #252250 - Flags: review?(bugzilla-mozilla)
Attachment #252250 - Attachment description: patch for 2.22, v1 → useless backport. The one above applies on all branches.
Attachment #252250 - Attachment is obsolete: true
Attachment #252250 - Flags: review?(bugzilla-mozilla)
Attachment #252249 - Attachment description: patch for tip, v1 → patch for tip and branches, v1
Attachment #252249 - Flags: review?(bugzilla-mozilla) → review+
Flags: approval?
Flags: approval2.22?
Flags: approval2.20?
Whiteboard: [ready for 2.20.4][ready for 2.22.2][ready for 3.0rc1]
Severity: normal → major
Blocks: 368656
Whiteboard: [ready for 2.20.4][ready for 2.22.2][ready for 3.0rc1] → [ready for 2.20.4][ready for 2.22.2][ready for 2.23.4]
tip:

Checking in template/en/default/list/list.atom.tmpl;
/cvsroot/mozilla/webtools/bugzilla/template/en/default/list/list.atom.tmpl,v <-- list.atom.tmpl
new revision: 1.2; previous revision: 1.1
done

2.22:

Checking in template/en/default/list/list.atom.tmpl;
/cvsroot/mozilla/webtools/bugzilla/template/en/default/list/list.atom.tmpl,v <-- list.atom.tmpl
new revision: 1.1.4.1; previous revision: 1.1
done

2.20:

Checking in template/en/default/list/list.atom.tmpl;
/cvsroot/mozilla/webtools/bugzilla/template/en/default/list/list.atom.tmpl,v <-- list.atom.tmpl
new revision: 1.1.2.3; previous revision: 1.1.2.2
done
Status: ASSIGNED → RESOLVED
Closed: 18 years ago
Flags: approval? → approval+
Flags: approval2.22? → approval2.22+
Flags: approval2.20? → approval2.20+
Resolution: --- → FIXED
Summary: [SECURITY] Possible XSS when reading Atom feeds → [SECURITY] XSS when reading Atom feeds due to unescaped HTML
Whiteboard: [ready for 2.20.4][ready for 2.22.2][ready for 2.23.4]
Security advisory posted, unlocking bug.
Group: webtools-security
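
Added example, not part of the bug report or Bugzilla's code: a Python model of the one-line change described above (FILTER none -> FILTER html) applied to a user-controlled field in a feed entry, with a check that can serve as a regression test. The entry layout, function names and sample real names are constructed, and the html filter is assumed to escape &, <, > and ".

```python
import xml.etree.ElementTree as ET

ATOM = "{http://www.w3.org/2005/Atom}"
# Simplified stand-in for a feed template with one user-controlled field.
ENTRY = ('<entry xmlns="http://www.w3.org/2005/Atom">'
         '<title>Bug 1</title><author><name>%s</name></author></entry>')

def filter_none(value):
    """Model of FILTER none: the value reaches the output unchanged."""
    return value

def filter_html(value):
    """Model of FILTER html: escape the characters that can start markup."""
    return (value.replace("&", "&amp;").replace("<", "&lt;")
                 .replace(">", "&gt;").replace('"', "&quot;"))

def render(realname, flt):
    """Substitute the (filtered) real name into the entry template."""
    return ENTRY % flt(realname)

def check_field(realname, flt):
    """Classify how a rendered field survives parsing by a feed consumer."""
    try:
        entry = ET.fromstring(render(realname, flt))
    except ET.ParseError:
        return "malformed"            # the feed no longer parses at all
    name = entry.find(f"{ATOM}author/{ATOM}name")
    if len(name) > 0:                 # child elements came from the value
        return "markup-injected"
    return "ok" if name.text == realname else "altered"

# Constructed sample real names (benign markup only).
SAMPLES = ["Alice Example", "Bob <b>bold</b>", "R&D <team"]

if __name__ == "__main__":
    for s in SAMPLES:
        print(repr(s), check_field(s, filter_none), check_field(s, filter_html))
```

With the unfiltered variant the second sample becomes an element inside the feed and the third breaks parsing; with the escaping filter every sample round-trips as plain text.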