Closed Bug 691938 Opened 13 years ago Closed 13 years ago

XSS in guides.mozilla.org

Categories

(Websites :: Other, defect)

defect
Not set
minor

Tracking

(Not tracked)

RESOLVED WONTFIX

People

(Reporter: ygjb, Unassigned)

References

Details

(Whiteboard: [infrasec:xss][ws:low])

Issue
An XSS vulnerability exists in guides.mozilla.org that can be used to attack a user of an old browser.

Steps to reproduce
1. Navigate to
http://guides.mozilla.org/index.php?search=%2BADw-/title%2BAD4-%2BADw-script%2BAD4-alert()%2BADw-/script%2BAD4-

2. Observe the script execution.

Recommendation
None. The guides site will be taken off-line soon, and this vulnerability can only be leveraged against users of IE6 or earlier.
Whiteboard: [infrasec:xss][ws:low]
Status: NEW → RESOLVED
Closed: 13 years ago
Depends on: 663711
Resolution: --- → WONTFIX
This site is not eligible for the bug bounty. The site is not on the bounty list and this vulnerability only impacts old browsers.
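
Added example (not part of the bug report or of Mozilla's code): the `+ADw-` and `+AD4-` runs in the reproduction URL above are UTF-7 encodings of `<` and `>`. The sketch below decodes such runs in query parameters and reports the parameters whose UTF-7 sequences hide HTML metacharacters, as a log-review or request-filter check; the function names are hypothetical.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# UTF-7 shift sequence: '+', modified-base64 body, optional '-' terminator.
SHIFT_SEQ = re.compile(r"\+([A-Za-z0-9+/]+)-?")
HTML_META = set("<>\"'&")


def decode_utf7_runs(value):
    """Decode each UTF-7 shift sequence in value.

    Returns (decoded_text, hidden), where hidden is the set of HTML
    metacharacters that only appeared after decoding.
    """
    hidden = set()

    def repl(match):
        try:
            text = ("+" + match.group(1) + "-").encode("ascii").decode("utf-7")
        except UnicodeDecodeError:
            return match.group(0)  # not valid UTF-7, leave the text untouched
        hidden.update(HTML_META.intersection(text))
        return text

    return SHIFT_SEQ.sub(repl, value), hidden


def find_utf7_markup(url):
    """Return (param, decoded_value, hidden_chars) for each query parameter
    whose UTF-7 sequences decode to HTML metacharacters."""
    findings = []
    # parse_qsl percent-decodes, so %2B becomes the literal '+' shift character.
    for name, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        decoded, hidden = decode_utf7_runs(value)
        if hidden:
            findings.append((name, decoded, sorted(hidden)))
    return findings


if __name__ == "__main__":
    # The URL from the report's steps to reproduce.
    reported = ("http://guides.mozilla.org/index.php?search=%2BADw-/title"
                "%2BAD4-%2BADw-script%2BAD4-alert()%2BADw-/script%2BAD4-")
    for name, decoded, hidden in find_utf7_markup(reported):
        print(f"{name}: hides {hidden} -> {decoded}")
```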