Closed Bug 542196 Opened 15 years ago Closed 15 years ago

Need XSS fix for getpersonas.com applied due to bugtraq 0day

Categories

(Infrastructure & Operations Graveyard :: WebOps: Other, task)

task
Not set
blocker

Tracking

(Not tracked)

VERIFIED FIXED

People

(Reporter: reed, Assigned: justdave)

Details

(Keywords: wsec-xss)

getpersonas.com has been 0day'd on bugtraq... the reporter actually sent us two mails (one cc'd to bugtraq and one not), so my main concern is tackling the vulnerability that was sent to bugtraq (bug 542182). Please apply attachment 423504 to production getpersonas.com.
Assignee: server-ops → justdave
Appears to be a bunch of other changes in svn besides this patch, so applied the patch manually instead of updating from svn. Should be live.
Status: NEW → RESOLVED
Closed: 15 years ago
Resolution: --- → FIXED
I can confirm the XSS no longer works. Well, that's one down, five more to go. :(
Status: RESOLVED → VERIFIED
Adding keywords to bugs for metrics, no action required. Sorry about bugmail spam.
Keywords: wsec-xss
Component: Server Operations: Web Operations → WebOps: Other
Product: mozilla.org → Infrastructure & Operations
Group: websites-security
Product: Infrastructure & Operations → Infrastructure & Operations Graveyard