Closed Bug 568395 Opened 10 years ago Closed 10 years ago
nsIScriptableUnescapeHTML.parseFragment()
(In reply to comment #1)
> I think Ehsan's work in bug 520189 might fix this...
I don't think so. That bug only changes the behavior of the editor. BTW, shouldn't this live in the security group?
Given that there's a public paper and CVE with details? Not sure.
So in particular, you're not changing the paranoid sinks to screen URI attributes?
Judging from this in comment 0, I think that's what's happening here:
> In this case, we will analyse an example of a vulnerable extension which trusts
> the nsIScriptableUnescapeHTML parsing function to filter untrusted content
> which is rendered in a Chrome privileged window
Yeah, then we should do what I suggest in comment 6, I think.
Hi all,
Has this bug been fixed? Please see announcement below:
http://www.mozilla.org/security/announce/2011/mfsa2011-08.html
Also, I cannot access https://bugzilla.mozilla.org/show_bug.cgi?id=562547 which is linked in that announcement so I am not sure what the fix relates to. Also, I am not a Mozilla Security Developer, as reported in that link :-).
Thanks,
Roberto Suggi Liverani
> Has this bug been fixed?
I'm not sure. Daniel, is this the same issue as bug 562547?
> Also, I am not a Mozilla Security Developer, as reported in that link :-).
You're not, but the person who reported bug 562547 (about a month before you reported this bug) is.
Hi Boris,
Thanks for your input. Just to clarify a bit what happened from my side:
- 28th April 2010 - This bug was originally released within this whitepaper - http://www.security-assessment.com/files/whitepapers/Cross_Context_Scripting_with_Firefox.pdf
- 28th April 2010 - NIST has created a CVE entry (CVE-2010-1585) for the bug reported on the white paper. The same CVE ID is referred to in the Mozilla announcement: http://www.mozilla.org/security/announce/2011/mfsa2011-08.html
- 26th May 2010 - Filed this bug in bugzilla.
Cheers,
Roberto
Ah, I see. Daniel reported bug 562547 based on the CVE. So yes, this is fixed. I'll mail Daniel about the mis-attribution. Thanks for bringing this up!
Status: UNCONFIRMED → RESOLVED
Closed: 10 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: CVE-2010-1585
Oh, and you should have access to bug 562547 now.
Oh, it's attributed correctly. Just the description of who you are is wrong. OK, then! Still mailing Daniel. ;)
And my apologies for not reading more carefully!
Hi Boris,
No worries for that ;-). Since this issue has been resolved, is it possible to have that link http://www.mozilla.org/security/announce/2011/mfsa2011-08.html rectified? Or should I contact someone in particular to get the page rectified? Instead of Mozilla Security Developer -> Security Consultant for Security-Assessment.com ;-)
Cheers,
Roberto
Roberto, I did mail Daniel Veditz about that. I _think_ he's the right contact for that... If nothing there changes in a few days, please ping me again?