Closed Bug 638563 Opened 14 years ago Closed 14 years ago

donate.mozilla.org reflected XSS load_locale.ajax.php region_id

Categories

(Websites :: donate.mozilla.org, defect)

defect
Not set
blocker

Tracking

(Not tracked)

VERIFIED FIXED

People

(Reporter: dchanm+bugzilla, Unassigned)

References

()

Details

(Keywords: wsec-xss, Whiteboard: [blocker][infrasec:xss][ws:high])

Data passed to the region_id parameter in load_locale.ajax.php is not properly sanitized before being displayed to the user. This can be leveraged to conduct cross-site scripting attacks by luring a user to a specially crafted URL. The page appears to strip out HTML tags. This particular vector uses the onfocus handler with the new HTML autofocus attribute.

STR:
1. Visit above link in Firefox 4
2. You should get an alert box with 1

Recommended remediation: Entity encode user supplied data before displaying
We have rolled a patch to address this. We fixed the injection, made sure the whole file escapes input properly and returns data with a JSON content-type.
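The remediation recorded above (entity-encode user-supplied data, and have the endpoint escape its input and answer with a JSON content-type), shown as an added PHP example; this is not the donate.mozilla.org code, and the function names and lookup table are assumed.

```php
<?php
// Added example illustrating the remediation recorded in this bug: validate
// region_id, entity-encode anything rendered into HTML, and return AJAX data
// as JSON. Not the donate.mozilla.org code; function names are assumed.

// Accept region_id only as a short integer token; anything else is rejected
// rather than stripped or echoed back.
function validate_region_id(?string $raw): ?string
{
    return ($raw !== null && preg_match('/^[0-9]{1,10}$/', $raw)) ? $raw : null;
}

// Entity-encode for HTML text or attribute context. ENT_QUOTES escapes both
// " and ', which tag stripping alone does not address.
function html_escape(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Build the AJAX response as [status, headers, body]. $locales is a lookup
// table keyed by region_id (constructed data in the demo below).
function build_locale_response(array $query, array $locales): array
{
    $headers = [
        'Content-Type: application/json; charset=utf-8',
        'X-Content-Type-Options: nosniff', // stop browsers sniffing JSON as HTML
    ];
    $region = validate_region_id($query['region_id'] ?? null);
    if ($region === null || !isset($locales[$region])) {
        // Generic error; the rejected value is never reflected.
        return [400, $headers, json_encode(['error' => 'invalid region_id'])];
    }
    // JSON_HEX_* flags encode < > & ' " as \uXXXX so the body stays inert
    // even if a client drops it into the DOM unescaped.
    $flags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT;
    $body = json_encode(['region_id' => $region, 'locale' => $locales[$region]], $flags);
    return [200, $headers, $body];
}

// Constructed demo: one valid request and one carrying a quote character.
$locales = ['1' => 'en-US', '2' => 'fr'];
foreach (['2', '2" foo'] as $input) {
    [$status, , $body] = build_locale_response(['region_id' => $input], $locales);
    echo $status, ' ', $body, PHP_EOL;
}
// When a value must be rendered into an HTML page rather than returned as
// JSON, pass it through html_escape() at the point of output.
```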
David, can you confirm this is resolved from the patch? We're trying to get all these bugs resolved for launch. Thanks!
Severity: normal → blocker
Whiteboard: [infrasec:xss][ws:high] → [blocker][infrasec:xss][ws:high]
Verified this in stage. All is good here.
Status: NEW → RESOLVED
Closed: 14 years ago
Resolution: --- → FIXED
Status: RESOLVED → VERIFIED
Group: websites-security
Adding keywords to bugs for metrics, no action required. Sorry about bugmail spam.
Keywords: wsec-xss