Closed
Bug 654016
Opened 13 years ago
Closed 13 years ago
data: urls inherit the security origin (Using the base64 to help XSS attack)
Categories
(Firefox :: General, defect)
RESOLVED
DUPLICATE
of bug 255107
People
(Reporter: whh_iran, Unassigned)
Details
(Whiteboard: [bugday-20110513])
User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:2.0.1) Gecko/20100101 Firefox/4.0.1
Build Identifier: Mozilla/5.0 (Windows NT 5.1; rv:2.0.1) Gecko/20100101 Firefox/4.0.1

I don't know whether this problem has already been discovered or not, but this is very simple.

Step by step:
1. Create .Html file
2. Insert the following code:
<a href="data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4=">Base64-XSS</a>
3. Open the .Html file
4. Click on the Base64-XSS
5. XSS run.

This problem exists in Firefox 4.0 and SeaMonkey 2.0.14.
I think this is a security problem, what is your opinion?

Reproducible: Always

Steps to Reproduce:
1..
2..
3..

Actual Results: XSS run. Nothing.
Comment 1•13 years ago
The problem isn't the base64, it's that a data: url inherits the security origin of the page. That causes security problems, but also solves other problems and is known historical behavior. I don't know of any plans to change it at the current time. Sites need to filter on the data: scheme just as they would the javascript: scheme.
Group: core-security
Summary: Using the base64 to help XSS attack → data: urls inherit the security origin (Using the base64 to help XSS attack)
Updated•13 years ago
Version: unspecified → 4.0 Branch
Updated•13 years ago
Status: UNCONFIRMED → RESOLVED
Closed: 13 years ago
Resolution: --- → DUPLICATE
Whiteboard: [bugday-20110513]
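Comment 1's advice that sites filter the data: scheme as they would javascript:, shown as an added example that is not part of the bug report or of Mozilla's code. It goes one step further than the comment and uses an allowlist of schemes instead of a blocklist; the names `ALLOWED_SCHEMES`, `BASE`, `safeHref` and `renderLink`, and the base URL, are assumptions made for this sketch.

```javascript
// Added example: validate user-supplied link targets before writing them
// into an href. All names and the base URL below are hypothetical.
const ALLOWED_SCHEMES = new Set(["http:", "https:", "mailto:"]);
const BASE = "https://example.test/page"; // constructed base for relative links

// Returns a normalized absolute URL, or null if the scheme is not allowed.
function safeHref(raw, base = BASE) {
  if (typeof raw !== "string") return null;
  let url;
  try {
    // The WHATWG URL parser normalizes input the way a browser does:
    // it trims leading/trailing spaces and control characters, drops
    // tabs and newlines, and lowercases the scheme. Checking the parsed
    // protocol therefore sees what the browser would navigate to.
    url = new URL(raw, base);
  } catch {
    return null; // unparseable input is rejected, not passed through
  }
  return ALLOWED_SCHEMES.has(url.protocol) ? url.href : null;
}

// Escapes text for use in HTML element content or a quoted attribute.
function escapeHtml(s) {
  return s.replace(/[&<>"']/g, (c) => `&#${c.charCodeAt(0)};`);
}

// Renders a link, or plain text when the target is rejected.
function renderLink(raw, text) {
  const href = safeHref(raw);
  if (href === null) return `<span>${escapeHtml(text)}</span>`;
  return `<a href="${escapeHtml(href)}" rel="noopener noreferrer">${escapeHtml(text)}</a>`;
}

// The href from the report above is rejected; an ordinary relative link passes.
const reportHref =
  "data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4=";
console.log(renderLink(reportHref, "Base64-XSS"));
console.log(renderLink("/docs", "Docs"));
```
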