Closed
Bug 767167
Opened 12 years ago
Closed 10 years ago
Persistent XSS with SVG files on http://wiki.mozilla.org
Categories
(Websites :: wiki.mozilla.org, defect)
Websites
wiki.mozilla.org
Tracking
(Not tracked)
RESOLVED
FIXED
2014-Q3
People
(Reporter: netfuzzerr, Unassigned)
References
()
Details
(Keywords: wsec-xss, Whiteboard: [site:wiki.mozilla.org] [fixed by bug 1032351])
Hello, Persistent Cross Site Scripting(XSS) on SVG files. This can allow attackers to execute javascript codes on as orign wiki.mozilla.org. PoC: https://wiki.mozilla.org/images/d/da/File.svg Cheers, Mario.
|
Reporter | |
Comment 1•12 years ago
|
||
Tested On: Chrome, Safari and Opera.
|
|
Reporter | |
Comment 2•12 years ago
|
||
Is it a duplicate?
|
||
Comment 3•12 years ago
|
||
I don't think it's a duplicate, he's saying it will be fixed when the update described in that bug is pushed.
|
|
Reporter | |
Comment 4•12 years ago
|
||
Well, I know that this site is not listed on bountable list(https://www.mozilla.org/security/bug-bounty-faq-webapp.html#eligible-bugs), but also was said "...If the bug is extraordinary, we might still consider the bug to be nominated for a bounty...". So, can this be eligible for a bounty?
|
|
||
Updated•12 years ago
|
Status: UNCONFIRMED → NEW
Ever confirmed: true
|
|
||
Comment 5•12 years ago
|
||
The bug bounty committee is meeting today and will decide whether the bug is eligible. Thank you for reporting, we will contact you if it is.
|
|
Reporter | |
Comment 7•12 years ago
|
||
Okay. Thanks you. (In reply to Matt Fuller from comment #5) > The bug bounty committee is meeting today and will decide whether the bug is > eligible. Thank you for reporting, we will contact you if it is.
|
|
Reporter | |
Updated•12 years ago
|
|
|
Reporter | |
Comment 9•12 years ago
|
||
This file(https://wiki.mozilla.org/images/e/e0/XSS.svg) works on Firefox, Chrome, Safari, Opera and IE9(well, on IE crash the browser).
|
||
Comment 10•12 years ago
|
||
Mario, We believe this does not qualify for a bounty based on that it is a dupe of http://lists.wikimedia.org/pipermail/mediawiki-announce/2012-June/000116.html and the site is normally not on the list of qualifying sites. Thanks for reporting and keep us aware that we need to update our installation as soon as possible.
|
||
Updated•11 years ago
|
Whiteboard: [site:wiki.mozilla.org]
|
||
Comment 11•11 years ago
|
||
Adding keywords to bugs for metrics, no action required. Sorry about bugmail spam.
Keywords: wsec-xss
|
|
Reporter | |
Updated•10 years ago
|
Status: NEW → RESOLVED
Closed: 10 years ago
Resolution: --- → INVALID
|
||
Comment 12•10 years ago
|
||
Reopening because this is/was a valid bug.
Status: RESOLVED → REOPENED
Resolution: INVALID → ---
|
|
Reporter | |
Comment 13•10 years ago
|
||
It doesnt reproduce anymore. You can close this as 'fixed'.
|
||
Comment 14•10 years ago
|
||
I've confirmed that it's no longer possible to upload svg files with this exploit. I've also removed the sample file from the wiki.
Status: REOPENED → RESOLVED
Closed: 10 years ago → 10 years ago
Resolution: --- → FIXED
|
|
||
Updated•10 years ago
|
Group: websites-security
|
|
||
Updated•10 years ago
|
|
|
||
Updated•10 years ago
|
OS: Windows 7 → All
Hardware: x86 → All
Whiteboard: [site:wiki.mozilla.org] → [site:wiki.mozilla.org] [fixed by bug 1032351]
Target Milestone: --- → 2014-Q3
You need to log in
before you can comment on or make changes to this bug.
Description
•