Closed
Bug 716720
Opened 13 years ago
Closed 12 years ago
Disable Comments or Remove Recaptcha Plugin - XSS issue
Categories
(Developer Engagement :: Mozilla Hacks, task)
Developer Engagement
Mozilla Hacks
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: mcoates, Unassigned)
References
Details
(Keywords: sec-high, wsec-xss, Whiteboard: [infrasec:xss][ws:high])
Per bug 709539 the recaptcha plugin is vulnerable to XSS. Please remove this plugin or disable comments until a replacement is available. Proof of Concept http://hacks.mozilla.org/2011/04/aurora/comment-page-1/?rcommentid=505568&rerror=%27%22%28%29%26%251%3Cscript%3Ealert%28localStorage.getItem%28%27foo%27%29%29%3C%2Fscript%3E97869%3C%2Fnoscript%3E%3Cscript%3Ealert%28%2FXSS%2F%29%3C%2Fscript%3E12b247c29ca
|
||
Comment 1•13 years ago
|
||
turns out, this is due to an older version of wordpress. you can upgrade to the latest plugin.
|
||
Comment 2•12 years ago
|
||
Can this bug be resolved now? The PoC from comment 0 no longer works but I don't know how to check whether the plugin was upgraded.
Whiteboard: [infrasec:xss][ws:high]
|
||
Comment 3•12 years ago
|
||
This appears to be fixed now. All possible XSS characters are now being properly escaped. See: http://pastebin.mozilla.org/1864402
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
|
Assignee | |
Updated•11 years ago
|
Component: hacks.mozilla.org → Mozilla Hacks
Product: Websites → Mozilla Developer Network
|
||
Comment 4•11 years ago
|
||
Adding keywords to bugs for metrics, no action required. Sorry about bugmail spam.
Keywords: wsec-xss
|
||
Comment 5•8 years ago
|
||
For bugs that are resolved, we remove the security flag. These haven't had their flag removed, so I'm removing it now.
Group: websites-security
|
||
Updated•7 years ago
|
Product: Mozilla Developer Network → Developer Engagement
You need to log in
before you can comment on or make changes to this bug.
Description
•