Closed
Bug 689675
Opened 12 years ago
Closed 12 years ago
crash-stats.mozilla.com XSS
Categories
(Socorro :: Webapp, task)
Tracking
(Not tracked)
VERIFIED
FIXED
2.2.5
People
(Reporter: ervistusha, Assigned: lonnen)
References
()
Details
Attachments
(1 file)
|
719.14 KB,
image/png
|
Details |
Post-fix screenshot
https://crash-stats.mozilla.com/products/Firefox/versions/6.0.2/topchangers?duration=3"%2f%3E%3Cimg src=x onerror="alert(1)
|
Reporter | |
Updated•12 years ago
|
Hardware: x86_64 → All
|
|
Reporter | |
Updated•12 years ago
|
Component: Your Web → Other
|
||
Updated•12 years ago
|
Target Milestone: --- → 2.3
|
Assignee | |
Updated•12 years ago
|
Assignee: nobody → chris.lonnen
|
|
Assignee | |
Comment 1•12 years ago
|
||
https://github.com/mozilla/socorro/pull/48 PHP's in_array function was erroneously returning true. The string started with an integer that was in the array of integers, and in converting it during the compare something happens to make it evaluate true. We then return the non-converted value. This will patch it by explicitly converting to an integer beforehand, and then returning the converted value (now just the integer, without the characters following it). Brandon: r?
|
||
Comment 2•12 years ago
|
||
Lonnen: r+ and merged. https://github.com/mozilla/socorro/commit/38ae94a172d8a0139afe3699b2778931c69e6d6f
Status: UNCONFIRMED → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
|
|
Reporter | |
Comment 3•12 years ago
|
||
crash-stats.mozilla.com still vulnerable
|
||
Comment 4•12 years ago
|
||
minor syntax error (see crash-stats-dev), r? anyone: https://github.com/mozilla/socorro/pull/49 (we should add a PHP linter to the jenkins steps :))
Status: RESOLVED → REOPENED
Ever confirmed: true
Resolution: FIXED → ---
|
|
||
Comment 5•12 years ago
|
||
(In reply to Ervis Tusha from comment #3) > crash-stats.mozilla.com still vulnerable This will go live on crash-stats-dev.allizom.org automatically once landed (which resolving the bug signals) until we do a production release. Before a production release, QA will test on stage and mark "verified". There will be a "push bug" for 2.3 (or whatever milestone the bug is set to) which will be used to track pushing it to production.
|
|
||
Comment 6•12 years ago
|
||
(In reply to Robert Helmer [:rhelmer] from comment #4) > minor syntax error (see crash-stats-dev), r? anyone: > https://github.com/mozilla/socorro/pull/49 > > (we should add a PHP linter to the jenkins steps :)) This is blocking QA, and I tested locally so merging myself (the XSS from comment 0 seems resolved btw). https://github.com/mozilla/socorro/commit/e2424ec77cdcbc73cd74a5af91e8678383e3706c
Status: REOPENED → RESOLVED
Closed: 12 years ago → 12 years ago
Resolution: --- → FIXED
|
|
||
Updated•12 years ago
|
Group: websites-security → webtools-security
Component: Other → Socorro
Product: Websites → Webtools
QA Contact: yourweb → socorro
Target Milestone: 2.3 → 2.2.5
Version: unspecified → 2.2
|
||
Comment 7•12 years ago
|
||
|
|
||
Updated•12 years ago
|
|
|
||
Comment 8•12 years ago
|
||
Verified FIXED on https://crash-stats-dev.allizom.org/products/Firefox/versions/6.0.2/topchangers?duration=3%22%2f%3E%3Cimg%20src=x%20onerror=%22alert%281%29
Status: RESOLVED → VERIFIED
|
|
||
Comment 9•12 years ago
|
||
I think we could write a test for this; use urllib to verify that the URL returns a 200 OK, without an alert.
Flags: in-testsuite?
|
||
Updated•12 years ago
|
Group: webtools-security
|
||
Updated•12 years ago
|
Component: Socorro → General
Product: Webtools → Socorro
|
|
||
Updated•12 years ago
|
Component: General → Webapp
|
|
||
Updated•12 years ago
|
Flags: in-testsuite?
You need to log in
before you can comment on or make changes to this bug.
Description
•