mxr.mozilla.org page content editable by paste

NEW
Unassigned

Status

()

Core
DOM
--
major
8 years ago
8 years ago

People

(Reporter: mayhemer, Unassigned)

Tracking

1.9.2 Branch
All
Windows XP
Points:
---

Firefox Tracking Flags

(Not tracked)

Details

Attachments

(1 attachment)

(Reporter)

Description

8 years ago
Created attachment 447417 [details]
screenshot

Not sure this is a bug or feature of mxr.mozilla.org (seems not to), but I was able to modify the page content like this (see the attachment) when searching for "nsDOMStorageDBWrapper" file name on mxr.  I have clicked somewhere to the table and not on the input box field (first of the two "file" fields), then pasted.

I need to figure out where exactly I have clicked before I pressed ctrl-v to have STR.

This is the source of the selection of the table to the left, see where "nsDOMStorageDBWrapper" is injected:

<tr>
  <td valign="top" width="35%" align="left">

   <table width="100%" bgcolor="#eeeeee" border="1" cellpadding="10" cellspacing="0">
    <tbody><tr>
     nsDOMStorageDBWrapper<td>



      <h2 align="center"><i>mozilla-central</i> Starting Points</h2>

         <font size="+1"><a href="source/"><b>/mozilla</b></a></font>
<br>
         <font size="-1">
          Browse from the root
          of this tree.
         </font>
<form method="get" action="find">
<div align="right">
<br> <b><a href="search">Search for</a>:</b>


Reporting as a potential security issue.

BuildID: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.2) Gecko/20100115 Firefox/3.6 (.NET CLR 3.5.30729)

Will try to reproduce in safe mode.  I don't have installed any non-standard plug-ins nor much of extensions (like related to content editing).
(Reporter)

Comment 1

8 years ago
This could be a duplicate of or related to bug 339975 comment 24.  

Also good to check bug 424627, bug 462970 and bug 522815.

Would be good to open this bug (I don't have privileges to do it).

Updated

8 years ago
Group: core-security
You need to log in before you can comment on or make changes to this bug.