Need XSS fix for getpersonas.com applied due to bugtraq 0day

VERIFIED FIXED

Status

Infrastructure & Operations
WebOps: Other
--
blocker
VERIFIED FIXED
9 years ago
3 years ago

People

(Reporter: reed, Assigned: justdave)

Tracking

({wsec-xss})

Details

(Reporter)

Description

9 years ago
getpersonas.com has been 0day'd on bugtraq... the reporter actually sent us two mails (one cc'd to bugtraq and one not), so my main concern is tackling the vulnerability that was sent to bugtraq (bug 542182).

Please apply attachment 423504 to production getpersonas.com.
Assignee: server-ops → justdave
Appears to be a bunch of other changes in svn besides this patch, so applied the patch manually instead of updating from svn.

Should be live.
Status: NEW → RESOLVED
Last Resolved: 9 years ago
Resolution: --- → FIXED
(Reporter)

Comment 2

9 years ago
I can confirm the XSS no longer works. Well, that's one down, five more to go. :(
(Reporter)

Updated

9 years ago
Status: RESOLVED → VERIFIED
Adding keywords to bugs for metrics, no action required. Sorry about bugmail spam.
Keywords: wsec-xss
Component: Server Operations: Web Operations → WebOps: Other
Product: mozilla.org → Infrastructure & Operations
Group: websites-security