Closed Bug 709573 Opened 13 years ago Closed 13 years ago

Possible persistent XSS into the "URL" in Bugs.

Categories

(Bugzilla :: Creating/Changing Bugs, defect)

defect
Not set
normal

Tracking

RESOLVED DUPLICATE of bug 619588

People

(Reporter: netfuzzerr, Unassigned)

Details

User Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/535.11 (KHTML, like Gecko) Chrome/17.0.963.2 Safari/535.11

Steps to reproduce:

Hello, tests done here: https://landfill.bugzilla.org/bugzilla-tip/show_bug.cgi?id=16688

Bugzilla does not properly check the "URL" field of bugs, thus allowing one to add a link to "javascript:", so abusing the trust of a user to open JavaScript code and thus allowing the theft of cookies.

Actual results:

Bugzilla does not properly check the URL passed in the "URL" field of the bug.
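One defensive way to handle a free-text URL field like this one, as an added example that is not Bugzilla's code and not the fix referenced in bug 619588 (Bugzilla is written in Perl; Python is used here so the example runs stand-alone): only allow-listed schemes are turned into links, the scheme is inspected after stripping the whitespace and control characters browsers ignore, and everything else is rendered as escaped inert text. The SAFE_SCHEMES set and the function names are assumptions.

```python
import html
import re
from urllib.parse import urlsplit

# Allow-list of schemes the "URL" field may be turned into a clickable link.
# Anything else (javascript:, data:, vbscript:, ...) is rendered as escaped text.
SAFE_SCHEMES = frozenset({"http", "https", "ftp", "mailto"})

# Browsers drop ASCII tab/newline/CR and leading controls when parsing a scheme,
# so strip control characters and spaces before inspecting the scheme; otherwise
# "java\tscript:" would slip past a naive prefix check.
_CTRL_OR_SPACE = re.compile(r"[\x00-\x20\x7f]")

def normalize_url(value: str) -> str:
    """Remove whitespace and control characters that can mask the real scheme."""
    return _CTRL_OR_SPACE.sub("", value)

def is_safe_url(value: str) -> bool:
    """True only if the URL carries an explicit, allow-listed scheme."""
    # urlsplit already lowercases the scheme; .lower() just documents the intent.
    scheme = urlsplit(normalize_url(value)).scheme.lower()
    return scheme in SAFE_SCHEMES

def validate_url_field(value: str) -> str:
    """Input-side check: accept the field only if it is empty or allow-listed."""
    if value.strip() == "" or is_safe_url(value):
        return value.strip()
    raise ValueError("URL field must start with http:, https:, ftp: or mailto:")

def render_url_field(value: str) -> str:
    """Output-side check: link only allow-listed URLs, escape everything else."""
    text = html.escape(value, quote=True)
    if is_safe_url(value):
        href = html.escape(normalize_url(value), quote=True)
        return f'<a href="{href}">{text}</a>'
    return text  # shown as inert text, never as a link

if __name__ == "__main__":
    # Constructed sample values, including the case reported above.
    for sample in ("http://example.com/x?a=1&b=2", "javascript:alert(document.cookie)",
                   "JaVaScRiPt:alert(1)", " java\tscript:alert(1)", "example.com"):
        print(f"{sample!r:40} safe={is_safe_url(sample)!s:5} -> {render_url_field(sample)}")
```

Both checks are needed in practice: the input-side one keeps bad values out of the database, and the output-side one protects rows that were stored before the check existed.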
Nothing happens in the URL field of the bug you mentioned. The URL is not linkified. This bug has already been fixed a year ago.
Group: bugzilla-security
Status: UNCONFIRMED → RESOLVED
Closed: 13 years ago
Resolution: --- → DUPLICATE
reed: don't test this here. This is a customization on bmo, not upstream. And this has already been reported elsewhere.
(In reply to Frédéric Buclin from comment #2)
> reed: don't test this here. This is a customization on bmo, not upstream.
> And this has already been reported elsewhere.

I see no reason why *not* to test it... Can't be too careful about these types of issues.