Closed
Bug 619263
Opened 14 years ago
Closed 14 years ago
Reflective XSS via Page History link on mozilla.org (filename outputted unencoded)
Categories
(www.mozilla.org :: General, defect, P1)
www.mozilla.org
General
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: firealwaysworks, Assigned: reed)
References
()
Details
(Keywords: wsec-xss, Whiteboard: [infrasec:xss][ws:high])
User-Agent: Mozilla/5.0 (X11; U; Linux x86_64; en-US) AppleWebKit/534.7 (KHTML, like Gecko) Ubuntu/10.10 Chromium/7.0.517.44 Chrome/7.0.517.44 Safari/534.7 Build Identifier: Credit: Michael Brooks Reproducible: Always
Assignee | ||
Updated•14 years ago
|
Assignee: nobody → reed
Status: UNCONFIRMED → ASSIGNED
Ever confirmed: true
OS: Linux → All
Hardware: x86_64 → All
Assignee | ||
Updated•14 years ago
|
Whiteboard: [infrasec:xss][ws:high]
Assignee | ||
Comment 2•14 years ago
|
||
Should be fixed in r79421. Will verify once the change is live.
Status: ASSIGNED → RESOLVED
Closed: 14 years ago
Resolution: --- → FIXED
Assignee | ||
Updated•14 years ago
|
Severity: major → critical
Priority: -- → P1
Summary: Reflective xss on www.mozilla.org. → Reflective XSS via Page History link (filename outputted unencoded)
Comment 5•13 years ago
|
||
As I mentioned in bug 619842 comment 4, I don't think urlencode() is the best solution here. It probably would be better to use htmlspecialchars() or (my personal favorite) htmlentities() instead.
Updated•13 years ago
|
Summary: Reflective XSS via Page History link (filename outputted unencoded) → Reflective XSS via Page History link on mozilla.org (filename outputted unencoded)
Updated•12 years ago
|
Component: www.mozilla.org → General
Product: Websites → www.mozilla.org
Comment 6•11 years ago
|
||
Adding keywords to bugs for metrics, no action required. Sorry about bugmail spam.
Keywords: wsec-xss
Updated•11 years ago
|
Flags: sec-bounty+
Updated•7 years ago
|
Group: websites-security
You need to log in
before you can comment on or make changes to this bug.
Description
•