Closed
Bug 633102
Opened 15 years ago
Closed 15 years ago
XSS in filenames
Categories
(addons.mozilla.org Graveyard :: Add-on Builder, defect, P1)
addons.mozilla.org Graveyard
Add-on Builder
Tracking
(Not tracked)
RESOLVED
FIXED
Builder 0.9
People
(Reporter: clouserw, Assigned: smcarthur)
Details
(Keywords: wsec-xss, Whiteboard: [ftw])
Attachments
(1 obsolete file)
I uploaded a file named:
"><a href="">test
After the second time I uploaded it I refreshed the page and the markup was broken. I don't have an XSS proof of concept, but I assume it's in there.
|
Reporter | |
Comment 1•15 years ago
|
||
|
|
Reporter | |
Comment 2•15 years ago
|
||
Comment on attachment 511308 [details] [diff] [review]
example file
bugzilla renamed this file (good work, bugzilla) so I can't give it as an example.
Attachment #511308 -
Attachment filename: blah
Attachment #511308 -
Attachment is obsolete: true
|
Assignee | |
Updated•15 years ago
|
Priority: -- → P1
Whiteboard: [ftw]
|
|
Assignee | |
Comment 3•15 years ago
|
||
fixed in master
https://github.com/mozilla/FlightDeck/commit/74835d1aee690d24dc07178a8eb264593980da1f
Status: NEW → RESOLVED
Closed: 15 years ago
Resolution: --- → FIXED
|
|
||
Comment 4•12 years ago
|
||
Adding keywords to bugs for metrics, no action required. Sorry about bugmail spam.
Keywords: wsec-xss
|
||
Updated•11 years ago
|
Product: addons.mozilla.org → addons.mozilla.org Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•