Closed
Bug 614481
Opened 14 years ago
Closed 14 years ago
XSS flaw patched in Firefox 1 present in Firefox 3.6.12
Categories
(Core :: Security, defect)
RESOLVED
INVALID
People
(Reporter: alexander.miller, Unassigned)
Details
(Keywords: regression)
User-Agent: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.12) Gecko/20101027 Ubuntu/10.10 (maverick) Firefox/3.6.12
Build Identifier: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.12) Gecko/20101027 Ubuntu/10.10 (maverick) Firefox/3.6.12

An XSS flaw patched in much older versions of Firefox is present in the most recent version of Firefox on both Windows XP SP 3, and Ubuntu 10.10.

Reproducible: Always

Steps to Reproduce:
1. Open https://bug292691.bugzilla.mozilla.org/attachment.cgi?id=182990

Actual Results:
The testcase successfully accesses and displays my cookie information for google.com

Expected Results:
The cookie data should not have been accessible.

This bug has been filed and patched, no single line of code in the testcase was written by me.
Reporter
Updated•14 years ago
Version: unspecified → 1.9.2 Branch
Comment 1•14 years ago
I see the cookies for .mozilla.org which is correct (tested on Mac). Seems a strange thing to be platform dependent, are you sure they're your Google cookies?
Keywords: regression
Summary: XSS flaw patched in Firefox 1 present in Firefox 3.6.12` → XSS flaw patched in Firefox 1 present in Firefox 3.6.12
Reporter
Comment 2•14 years ago
(In reply to comment #1)
> I see the cookies for .mozilla.org which is correct (tested on Mac). Seems a
> strange thing to be platform dependent, are you sure they're your Google
> cookies?

Yes. They contain my IP address identifier and my session ID. I don't want to jump to conclusions and say that it affects every platform, so I just marked it as Linux for now.
Reporter
Updated•14 years ago
OS: Windows XP → All
Comment 3•14 years ago
Can't reproduce...

Tested on both:
Mozilla/5.0 (X11; Linux i686; rv:2.0b8pre) Gecko/20101121 Firefox/4.0b8pre
Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.13pre) Gecko/20101123 Namoroka/3.6.13pre

I definitely see WebTrends and Urchin cookies, which are correct for www.mozilla.org, but I see nothing that looks like my Google cookie.

Alex, what are the cookie names you see (just the names, not the values)?
Reporter
Comment 4•14 years ago
(In reply to comment #3)
> Can't reproduce...
>
> Tested on both:
> Mozilla/5.0 (X11; Linux i686; rv:2.0b8pre) Gecko/20101121 Firefox/4.0b8pre
> Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.9.2.13pre) Gecko/20101123
> Namoroka/3.6.13pre
>
> I definitely see WebTrends and Urchin cookies, which are correct for
> www.mozilla.org, but I see nothing that looks like my Google cookie.
>
> Alex, what are the cookie names you see (just the names, not the values)?

At the time I wasn't actually logged in to Google, so I only saw the same cookies you did. When logged in, I can't reproduce. Sorry for wasting your time. Please delete this bug.
Updated•14 years ago
Status: UNCONFIRMED → RESOLVED
Closed: 14 years ago
Resolution: --- → INVALID
Updated•14 years ago
Group: core-security