Tested On: Chrome, Safari and Opera.
Is it a duplicate?
I don't think it's a duplicate, he's saying it will be fixed when the update described in that bug is pushed.
Well, I know that this site is not listed on the bountable list (https://www.mozilla.org/security/bug-bounty-faq-webapp.html#eligible-bugs), but it was also said "...If the bug is extraordinary, we might still consider the bug to be nominated for a bounty...". So, can this be eligible for a bounty?
The bug bounty committee is meeting today and will decide whether the bug is eligible. Thank you for reporting, we will contact you if it is.
Okay. Thank you.
(In reply to Matt Fuller from comment #5)
> The bug bounty committee is meeting today and will decide whether the bug is
> eligible. Thank you for reporting, we will contact you if it is.
This file (https://wiki.mozilla.org/images/e/e0/XSS.svg) works on Firefox, Chrome, Safari, Opera and IE9 (well, on IE it crashes the browser).
Mario, we believe this does not qualify for a bounty on the basis that it is a dupe of http://lists.wikimedia.org/pipermail/mediawiki-announce/2012-June/000116.html and the site is normally not on the list of qualifying sites. Thanks for reporting and keep us aware that we need to update our installation as soon as possible.
Adding keywords to bugs for metrics, no action required. Sorry about bugmail spam.
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → INVALID
Reopening because this is/was a valid bug.
Status: RESOLVED → REOPENED
Resolution: INVALID → ---
It doesn't reproduce anymore. You can close this as 'fixed'.
I've confirmed that it's no longer possible to upload svg files with this exploit. I've also removed the sample file from the wiki.
Status: REOPENED → RESOLVED
Closed: 7 years ago → 7 years ago
Resolution: --- → FIXED
OS: Windows 7 → All
Hardware: x86 → All
Whiteboard: [site:wiki.mozilla.org] → [site:wiki.mozilla.org] [fixed by bug 1032351]
Target Milestone: --- → 2014-Q3