Closed Bug 721155 Opened 13 years ago Closed 13 years ago

Persistent Cross Site Scripting in https://wiki.mozilla.org/.

Categories

(Websites :: wiki.mozilla.org, defect)

Type: defect
Priority: Not set
Severity: critical

Tracking

(Not tracked)

RESOLVED INVALID

People

(Reporter: netfuzzerr, Unassigned)

Details

User Agent: Mozilla/5.0 (Windows NT 6.1) AppleWebKit/535.19 (KHTML, like Gecko) Chrome/18.0.1017.2 Safari/535.19

Steps to reproduce:

Hello,

Tested on Windows 7 SP1, Firefox 9.01 (using Adobe Reader plugin).

Screenshots:
1. https://wiki.mozilla.org/images/e/e9/Demo.png
2. https://wiki.mozilla.org/images/3/3c/Demo%282%29.png

Reproduce:
1. Go to https://wiki.mozilla.org/images/2/28/Exploitfile.pdf
2. Click on the "Click Here" image.
3. See your cookies.

@Michael Coates, I think this is "critical" because with only a click it is possible to get the user's cookies. It will work like a persistent XSS.

Cheers,
Mario.
Severity: normal → critical
Status: UNCONFIRMED → RESOLVED
Closed: 13 years ago
Resolution: --- → INVALID
Group: websites-security