Closed
Bug 751259
Opened 13 years ago
Closed 13 years ago
[XSS] air.mozilla.org - SWFUpload Vulnerable Version
Categories
(Air Mozilla :: Other, defect)
Air Mozilla
Other
Tracking
(Not tracked)
RESOLVED
FIXED
People
(Reporter: kontakt, Assigned: bburton)
References
Details
(Keywords: reporter-external, sec-low, wsec-xss, Whiteboard: [site:air.mozilla.org][reporter-external])
User Agent: Mozilla/5.0 (Windows NT 5.1; rv:10.0) Gecko/20100101 Firefox/10.0
Build ID: 20120129021758
Steps to reproduce:
Hello,
I want to report a bug in the site air.mozilla.org (WordPress 3.3.1).
We can read about the bug, for example, here:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=0
Actual results:
Location of the vulnerable file:
https://air.mozilla.org/wp-includes/js/swfupload/swfupload.swf
---
Impact Type: Allows unauthorized disclosure of information; Allows unauthorized modification; Allows disruption of service
---
Expected results:
To fix this vulnerability, the script must be updated for WordPress 3.3.2
Comment 1•13 years ago
Your link to nist.gov doesn't work.
Air Mozilla should be upgraded soon though.
This is a working link for nist.gov:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2012-2399
===================
Btw. Is this issue included in the program: http://www.mozilla.org/security/bug-bounty.html ?
Thanks for the reply.
Best Regards
Comment 4•13 years ago
See also http://wordpress.org/news/2012/04/wordpress-3-3-2/
The advisory is missing a lot of detail -- are we vulnerable simply by having it on the site, or must the site be set up to accept uploads? I'm not sure any of our sites or wordpress plugins/themes use the uploader.
Group: core-security → websites-security
Comment 6•13 years ago
Lacking a PoC we don't know if we're actually vulnerable or not on this one.
Status: UNCONFIRMED → NEW
Ever confirmed: true
Comment 11•13 years ago
When we upgrade WP (bug 747454) it should fix all sites. The dupe bugs explicitly mention
blog.mozilla.org
hacks.mozilla.org
mpl.mozilla.org
quality.mozilla.org
and I'm sure there are others.
Comment 12•13 years ago
What is the timeline on that update? I can't see bug 747454.
Assignee
Comment 13•13 years ago
This has been resolved with https://bugzilla.mozilla.org/show_bug.cgi?id=753169
Assignee: nobody → bburton
Status: NEW → RESOLVED
Closed: 13 years ago
Resolution: --- → FIXED
Reporter
Comment 14•13 years ago
Hey,
Is this issue included in the program: http://www.mozilla.org/security/bug-bounty.html ?
Thanks for the reply.
Best Regards
Comment 15•13 years ago
How is this fixed when the file https://air.mozilla.org/wp-includes/js/swfupload/swfupload.swf is still accessible?
Reporter
Comment 16•13 years ago
Hello Al,
WordPress has been updated, so the bug has been fixed.
Best Regards,
Thanks for the reply
Reporter
Comment 17•13 years ago
BTW. This bug is fixed too?
http://packetstormsecurity.org/files/112481/wordpress322-xss.txt
Reporter
Comment 18•13 years ago
BTW. This is the PoC:
/wp-includes/js/swfupload/swfupload.swf?movieName="]);}catch(e){}if(!self.a)self.a=!alert(1);//
but now it is fixed.
Summary: air.mozilla.org - SWFUpload Vulnerable Version → [XSS] air.mozilla.org - SWFUpload Vulnerable Version
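Added example, not part of the bug thread and not Mozilla's or WordPress's code: a check a site operator could run over web access logs to spot requests shaped like the PoC in comment 18, where script is smuggled in through the movieName parameter of swfupload.swf. The allowlist for movieName, the function names and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, unquote, unquote_plus

# Assumption: a legitimate movieName is a plain identifier (letters, digits, _ . -).
SAFE_MOVIE_NAME = re.compile(r"[A-Za-z0-9_.\-]*")
# Request line inside a combined-format access log entry: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample log lines (documentation IP range, invented timestamps and sizes).
SAMPLE_LOG = [
    '203.0.113.7 - - [01/May/2012:10:00:01 +0000] "GET /wp-includes/js/swfupload/swfupload.swf?movieName=SWFUpload_0 HTTP/1.1" 200 12655',
    '203.0.113.9 - - [01/May/2012:10:00:05 +0000] "GET /wp-includes/js/swfupload/swfupload.swf?movieName=%22]);}catch(e){}if(!self.a)self.a=!alert(1);// HTTP/1.1" 200 12655',
    '203.0.113.7 - - [01/May/2012:10:00:09 +0000] "GET /wp-includes/js/jquery/jquery.js?ver=1.7.1 HTTP/1.1" 200 93868',
]

def suspicious_movie_name(target):
    """Return the decoded movieName if the request targets swfupload.swf
    with a value outside the allowlist, otherwise None."""
    parts = urlsplit(target)
    if not unquote(parts.path).lower().endswith("/swfupload.swf"):
        return None
    # Split on '&' only, so the ';' characters in the payload stay in one value.
    for pair in parts.query.split("&"):
        key, _, raw = pair.partition("=")
        if unquote_plus(key).lower() != "moviename":
            continue
        value = unquote_plus(raw)
        if not SAFE_MOVIE_NAME.fullmatch(value):
            return value
    return None

def scan(lines):
    """Yield (line_number, decoded_value) for each flagged log line."""
    for number, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        if match:
            value = suspicious_movie_name(match.group(1))
            if value is not None:
                yield number, value

if __name__ == "__main__":
    for number, value in scan(SAMPLE_LOG):
        print(f"line {number}: suspicious movieName {value!r}")
```

A hit only shows that someone sent such a request; whether the served swfupload.swf still reflects the value depends on the installed version, which is the question raised in comment 15.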
Reporter
Comment 19•13 years ago
Is this issue included in the program: http://www.mozilla.org/security/bug-bounty.html ?
Comment 20•12 years ago
Adding keywords to bugs for metrics, no action required. Sorry about bugmail spam.
Keywords: wsec-xss
Updated•9 years ago
Group: websites-security, mozilla-employee-confidential
Updated•1 year ago
Keywords: reporter-external