User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:2.0.1) Gecko/20100101 Firefox/4.0.1 Build Identifier: Mozilla/5.0 (Windows NT 5.1; rv:2.0.1) Gecko/20100101 Firefox/4.0.1 I don't know this problem has already been discovered or not, but this is very simple. Step by step: 1. Create .Html file 2. Insert the following code: <a href="data:text/html;base64,PHNjcmlwdD5hbGVydCgnWFNTJyk8L3NjcmlwdD4=">Base64-XSS</a> 3. Open the .Html file 4. Click on the Base64-XSS 5. XSS run. This problem exists in firefox 4.0 and Seamonkey 2.0.14 I think this is a security problem, what is your opinion? Reproducible: Always Steps to Reproduce: 1.. 2.. 3.. Actual Results: XSS run. Nothing.
Summary: Using the base64 to help XSS attack → data: urls inherit the security origin (Using the base64 to help XSS attack)
Status: UNCONFIRMED → RESOLVED
Last Resolved: 7 years ago
Resolution: --- → DUPLICATE
Duplicate of bug: 255107
You need to log in before you can comment on or make changes to this bug.