Closed
Bug 511571
Opened 16 years ago
Closed 16 years ago
https://creative.mozilla.org/register has an XSS vulnerability
Categories
(Websites :: creative.mozilla.org, defect)
Websites
creative.mozilla.org
Tracking
(Not tracked)
VERIFIED
FIXED
People
(Reporter: Gavin, Assigned: ryansnyder)
References
()
Details
(Keywords: wsec-xss)
Attachments
(1 file)
1.22 MB, image/png
Reported on IRC by "sipher". Looks like the username is being spit back unfiltered.
Demo: http://statusbarn.com/tests/mozcxsstest.html
Should probably also be checking referrers to mitigate CSRF.
Comment 1•16 years ago
(In reply to comment #0)
> Should probably also be checking referrers to mitigate CSRF.
Checking referrers is not in any way a correct form of CSRF mitigation. The main mitigation tactic that I've seen used and that works is to use a secret, user-specific token in all form submissions.
Updated•16 years ago
Assignee: nobody → ryan
Comment 2•16 years ago
* Adding token checking to all unauthenticated forms.
* Fixing UI for form on reset password page.
==
Sending application/views/forgot.php
Sending application/views/login.php
Sending application/views/register.php
Adding application/views/verify_reset_password.php
Sending modules/auth/controllers/auth.php
Sending modules/auth/views/forgot.php
Sending modules/auth/views/login.php
Sending modules/auth/views/register.php
Transmitting file data ........
Committed revision r49627.
Comment 3•16 years ago
Patching registration page, which was not escaping characters in form outputs.
==
Sending application/views/register.php
Transmitting file data .
Committed revision 49628.
Status: NEW → RESOLVED
Closed: 16 years ago
Resolution: --- → FIXED
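The two fixes this bug records, escaping the reflected username (comment 3) and checking a per-session token on the unauthenticated form (comments 1 and 2), as an added PHP example; it is not the creative.mozilla.org code, and the function and field names are assumed.

```php
<?php
// Added example, not the creative.mozilla.org code. It shows the two fixes
// this bug records: HTML-escaping the reflected username (comment 3) and
// checking a per-session token on the unauthenticated form (comments 1, 2).
// Function and field names are assumed.

session_start();

// Issue one random token per session; the form embeds it as a hidden field.
function csrf_token(): string
{
    if (empty($_SESSION['csrf_token'])) {
        $_SESSION['csrf_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['csrf_token'];
}

// hash_equals() compares in constant time, so a forged token cannot be
// guessed byte by byte through response timing.
function csrf_token_is_valid(?string $submitted): bool
{
    return isset($_SESSION['csrf_token'])
        && is_string($submitted)
        && hash_equals($_SESSION['csrf_token'], $submitted);
}

// Escape for HTML text and attribute context. The original register view
// echoed the username without this step, which is the XSS.
function h(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

if ($_SERVER['REQUEST_METHOD'] === 'POST') {
    if (!csrf_token_is_valid($_POST['csrf_token'] ?? null)) {
        http_response_code(403);
        exit('Invalid form token.');
    }
    // Registration handling would follow here.
}

// Re-render the form; the vulnerable view echoed $username unescaped here.
$username = $_POST['username'] ?? '';
?>
<form method="post" action="/register">
  <input type="hidden" name="csrf_token" value="<?= h(csrf_token()) ?>">
  <label>Username <input type="text" name="username" value="<?= h($username) ?>"></label>
  <button type="submit">Register</button>
</form>
```

With the escaping in place, a username such as the demo payload is rendered as literal text in the value attribute, which is why the verification in comment 5 sees no alert() fire.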
Comment 4•16 years ago
Comment 5•16 years ago
Verified FIXED on http://mcc.stage.mozilla.com/register; see screenshot in comment 4. No alert() is run, which means the script doesn't get executed.
Status: RESOLVED → VERIFIED
Comment 6•16 years ago
This was pushed.
Updated•16 years ago
Group: websites-security
Comment 7•16 years ago
(In reply to comment #6)
> This was pushed.
Yep; verified FIXED on prod, too: https://creative.mozilla.org/register
Comment 8•12 years ago
Adding keywords to bugs for metrics, no action required. Sorry about bugmail spam.
Keywords: wsec-xss