Closed
Bug 722520
Opened 13 years ago
Closed 13 years ago
AndroidBrowserHistoryExtender.java SQL injection
Categories
(Firefox for Android Graveyard :: Android Sync, defect, P1)
Tracking
(Not tracked)
RESOLVED
FIXED
mozilla13
People
(Reporter: dchanm+bugzilla, Assigned: emtwo)
References
Details
(Whiteboard: [qa-])
Related to bug# 716143
guid is concatenated when performing SQL queries.
guid should be controlled by sync as mentioned in previous bug, but marking as private just in case.
https://github.com/mozilla-services/android-sync/blob/master/src/main/java/org/mozilla/gecko/sync/repositories/android/AndroidBrowserHistoryDataExtender.java#L150
https://github.com/mozilla-services/android-sync/blob/master/src/main/java/org/mozilla/gecko/sync/repositories/android/AndroidBrowserHistoryDataExtender.java#L164
|
||
Updated•13 years ago
|
Priority: -- → P1
|
|
||
Comment 2•13 years ago
|
||
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → FIXED
|
|
||
Comment 3•13 years ago
|
||
Target Milestone: --- → mozilla13
|
||
Updated•13 years ago
|
Whiteboard: [qa-]
|
||
Updated•12 years ago
|
Product: Mozilla Services → Android Background Services
|
||
Updated•7 years ago
|
Product: Android Background Services → Firefox for Android
|
||
Updated•6 years ago
|
Group: cloud-services-security
|
|
||
Updated•4 years ago
|
Product: Firefox for Android → Firefox for Android Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•