Closed Bug 767167 Opened 9 years ago Closed 6 years ago

Persistent XSS with SVG files on http://wiki.mozilla.org

Categories

(Websites :: wiki.mozilla.org, defect)

defect
Not set
normal

Tracking

(Not tracked)

RESOLVED FIXED
2014-Q3

People

(Reporter: netfuzzerr, Unassigned)

References

()

Details

(Keywords: wsec-xss, Whiteboard: [site:wiki.mozilla.org] [fixed by bug 1032351])

Hello,

Persistent Cross Site Scripting(XSS) on SVG files. This can allow attackers to execute javascript codes on as orign wiki.mozilla.org.

PoC: https://wiki.mozilla.org/images/d/da/File.svg

Cheers,
Mario.
Tested On: Chrome, Safari and Opera.
Is it a duplicate?
I don't think it's a duplicate, he's saying it will be fixed when the update described in that bug is pushed.
Well, I know that this site is not listed on bountable list(https://www.mozilla.org/security/bug-bounty-faq-webapp.html#eligible-bugs), but also was said "...If the bug is extraordinary, we might still consider the bug to be nominated for a bounty...". So, can this be eligible for a bounty?
Status: UNCONFIRMED → NEW
Ever confirmed: true
The bug bounty committee is meeting today and will decide whether the bug is eligible. Thank you for reporting, we will contact you if it is.
Okay. Thanks you.

(In reply to Matt Fuller from comment #5)
> The bug bounty committee is meeting today and will decide whether the bug is
> eligible. Thank you for reporting, we will contact you if it is.
This file(https://wiki.mozilla.org/images/e/e0/XSS.svg) works on Firefox, Chrome, Safari, Opera and IE9(well, on IE crash the browser).
Mario,

We believe this does not qualify for a bounty based on that it is a dupe of http://lists.wikimedia.org/pipermail/mediawiki-announce/2012-June/000116.html and the site is normally not on the list of qualifying sites.

Thanks for reporting and keep us aware that we need to update our installation as soon as possible.
Whiteboard: [site:wiki.mozilla.org]
Adding keywords to bugs for metrics, no action required.  Sorry about bugmail spam.
Keywords: wsec-xss
Status: NEW → RESOLVED
Closed: 7 years ago
Resolution: --- → INVALID
Reopening because this is/was a valid bug.
Status: RESOLVED → REOPENED
Resolution: INVALID → ---
It doesnt reproduce anymore. You can close this as 'fixed'.
I've confirmed that it's no longer possible to upload svg files with this exploit. I've also removed the sample file from the wiki.
Status: REOPENED → RESOLVED
Closed: 7 years ago6 years ago
Resolution: --- → FIXED
Group: websites-security
Duplicate of this bug: 966734
Depends on: 1032351
OS: Windows 7 → All
Hardware: x86 → All
Whiteboard: [site:wiki.mozilla.org] → [site:wiki.mozilla.org] [fixed by bug 1032351]
Target Milestone: --- → 2014-Q3
You need to log in before you can comment on or make changes to this bug.