Closed Bug 666302 Opened 14 years ago Closed 14 years ago

Reflected XSS in TBPL

Categories

(Tree Management Graveyard :: TBPL, defect)

Not set
critical

Tracking

(Not tracked)

VERIFIED FIXED

People

(Reporter: ygjb, Unassigned)

Details

(Keywords: wsec-xss, Whiteboard: [infrasec:xss][ws:high])

Reported by ignatio2007@gmail.com
Issue: There is a reflected XSS vulnerability in the tree parameter in tbpl.mozilla.org.
Steps to Reproduce: 1. Navigate to the URL above.
Recommendation: Perform appropriate input validation on parameters, and use output encoding as appropriate for the application.
Whiteboard: [infrasec:xss][ws:critical]
Thanks for the report. This bug should be fixed by
http://hg.mozilla.org/users/mstange_themasta.com/tbpl-pending-infrasec-review/rev/9980c25399a1 and
http://hg.mozilla.org/users/mstange_themasta.com/tbpl-pending-infrasec-review/rev/10b06acaa3a2
These fixes haven't been deployed to tbpl.mozilla.org yet, but they can be tested on http://tbpl.swatinem.de/
We'll deploy them to tbpl.mozilla.org (along with all the rest from http://hg.mozilla.org/users/mstange_themasta.com/tbpl-pending-infrasec-review/ ) once the security review in bug 661365 is confirmed to be finished.
Depends on: 665787
661365 has been verified fixed. Anything else we need for this one?
Nothing, the fix just needs to be deployed.
Whiteboard: [infrasec:xss][ws:critical] → [infrasec:xss][ws:high]
Issue is resolved.
Status: NEW → RESOLVED
Closed: 14 years ago
Resolution: --- → FIXED
Group: webtools-security
Status: RESOLVED → VERIFIED
Adding keywords to bugs for metrics, no action required. Sorry about bugmail spam.
Keywords: wsec-xss
Product: Webtools → Tree Management
Product: Tree Management → Tree Management Graveyard